Skill v1.2.0

ClawScan security

Leo's Reading Notes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 4:29 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requested resources and instructions are coherent with its stated purpose of creating and managing structured reading notes; nothing in the package indicates unexplained access to secrets, external endpoints, or privileged installers.
Guidance
This skill appears to do what it says: find/bookmark text, structure notes, and manage a nightly internalization checklist. Before installing, consider these practical checks:
1) Confirm how your agent/platform implements the '21:00' reminder: the SKILL.md expects scheduled runs but the skill provides no scheduler; verify you want the agent to run nightly and send reminders.
2) Review storage location and permissions: notes are written to reading-notes/ (and the publish script uses /root/.openclaw/…); ensure you are comfortable with those paths and that the agent has only the filesystem access you intend.
3) Be aware the skill performs web searches to fetch original text and may store excerpts; if you have concerns about copyrighted material or external network access, confirm the agent's search tool and content sourcing policy.
4) The publish.sh helper calls a clawhub CLI and uses an absolute root path; do not run scripts as root unless you understand them.
If you want stronger assurance, ask the author to supply a documented scheduling mechanism (or remove the nightly reminder requirement), avoid hard-coded /root paths, and state what search provider or API will be used for text lookups.

Review Dimensions

Purpose & Capability
ok: The name/description (structure reading notes, internalization workflow, nightly reminders) matches the SKILL.md: it reads user book snippets, searches for original text, creates/updates markdown files, and manages an internal pending list. It does not request unrelated credentials or binaries.
Instruction Scope
note: The instructions ask the agent to 'use a search tool' to find original text and to read/write files under reading-notes/ and workspace/skills/reading-notes/. Those actions are appropriate for the purpose, but the SKILL.md also defines a nightly 21:00 reminder workflow without providing an implementation or install-time scheduler; it's an expectation on the agent runtime to run periodically. The document does not reference any external endpoints beyond generic web search, nor does it request unrelated system files or credentials.
Install Mechanism
ok: There is no install spec (instruction-only). The only code file is a small publish.sh helper that invokes a clawhub CLI to publish the skill. No downloads, archives, or third-party package installs are present.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. The runtime instructions only read/write files within the skill's documented data directories. This is proportionate to the stated functionality.
Persistence & Privilege
note: always:false and default autonomous invocation are appropriate. The SKILL.md requests recurring (daily 21:00) behavior, which implies persistent scheduling at the agent/platform level; the skill itself doesn't install a scheduler or modify system-wide settings. The publish script references an absolute /root path, which is odd but not inherently malicious; it may assume a particular runtime layout.