Skillv0.1.0

ClawScan security

Ai Security Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 9, 2026, 7:56 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions and remediation steps look coherent for an AI-endpoint security audit, but it repeatedly references an external 'OpenClaw' threat database without any declared access method (API, endpoint, or credential), which is an important unexplained gap.
Guidance: This skill appears to be a legitimate audit playbook, but it references an external 'OpenClaw' threat-intel database without explaining how it will query that data. Before installing or running it, ask the skill author: (1) How does the skill access OpenClaw (API endpoint, auth method, or is the data embedded)? (2) Will the agent make network calls to external services, and if so, which hosts and what data will be sent? (3) Will the agent execute shell commands on your machine or require you to paste sensitive config files or credentials? If you proceed, avoid pasting raw secrets; provide sanitized examples or run the audit commands yourself in a controlled environment. Prefer a version that documents the OpenClaw API endpoint and required credentials, or that runs entirely offline with user-provided data so you can verify any external network activity.

Review Dimensions

Purpose & Capability: noteThe name/description claim an audit using the OpenClaw threat intelligence dataset; the SKILL.md contains appropriate questions to ask the user and sensible audit/hardening steps. However, the skill never declares or documents how to access the OpenClaw database (no API URL, API key, SDK, or instructions). That mismatch between claimed data-source and required access is a notable omission.
Instruction Scope: okThe runtime instructions focus on collecting endpoint metadata, checking exposures, mapping risk fields, and producing a report. Commands suggested (curl to get public IP, grep to search config files, firewall commands) are relevant to the audit. The instructions do not ask for unrelated credentials or system-wide secrets. They do, however, instruct running file searches and shell commands that could reveal secrets if executed — which is expected for an audit but requires explicit user consent.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files; nothing will be written to disk by the skill itself. That minimizes install-time risk.
Credentials: okThe skill declares no required environment variables, binaries, or credentials. The remediation steps show how to set env vars locally (e.g., WEBUI_SECRET_KEY) and suggest searching local config files for secrets. Because no external API key or OpenClaw credential is requested, the lack of declared credentials is the main proportionality concern (see purpose_capability).
Persistence & Privilege: okalways is false and the skill does not request persistence or system-level privileges. Autonomous invocation is allowed by platform default but there are no signals of privileged or persistent changes initiated by the skill itself.