Back to skill
Skillv1.0.0
ClawScan security
clawopen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 6:34 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only directory/links guide that asks for no credentials, installs, or special access and its behavior matches its description.
- Guidance
- This skill is effectively a curated link guide and contains no code or credential requests, so it is low-risk. Still, note the published 'Source' is unknown and the SKILL.md points to an external domain (openclaw123.xyz) — verify that site before submitting any personal data or contributing links. If you need higher assurance, ask the publisher for the upstream GitHub repository URL (the SKILL.md lists a generic GitHub link only) or inspect the live project repository before installing or invoking the skill.
Review Dimensions
- Purpose & Capability
- okName, description, and files all describe a community-maintained resource directory. There are no extra env vars, binaries, or permissions requested that would be unrelated to a link directory.
- Instruction Scope
- okSKILL.md only contains prose linking to an external site (https://openclaw123.xyz/) and describes how users can browse and bookmark resources. It does not instruct the agent to read local files, access credentials, or transmit data to unexpected endpoints.
- Install Mechanism
- okNo install spec and no code files beyond a package.json and a markdown instructions file. Nothing will be written to disk or executed by an installer as part of the skill.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. There are no disproportionate secret/credential requests.
- Persistence & Privilege
- okThe skill is not always-included and does not request elevated or persistent agent privileges. It does not modify other skills or system-wide settings.