Rule Creation
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is open about its purpose, but it can automatically make persistent changes to your agent’s rules and generates executable workflows from unescaped rule text.
Install only if you want this skill to automatically edit your OpenClaw governance files. Review diffs before accepting changes, avoid feeding it untrusted rule text, and inspect any generated Lobster workflows before enabling or running them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A rule-like phrase could cause the agent to edit governance files or create enforcement artifacts before you review the change.
The skill mandates automatic file/workflow mutation without an approval checkpoint.
When this skill triggers, **always** execute the following steps in order. Do NOT ask permission — CE-PROCESS compliance means **wire first, report after**.
Require explicit confirmation, a dry-run diff, and a user-selected target before writing persistent rules or workflows.
A mistaken, ambiguous, or adversarial rule can be stored and reused by the agent in future sessions.
The script persists generated rule text into OpenClaw context/governance files under the user's home directory.
return path.join(clawd, 'TOOLS.md'); ... fs.writeFileSync(targetFile, newContent, 'utf8');
Treat new rule text as untrusted until approved, record provenance, provide rollback/removal instructions, and avoid automatic persistence from broad trigger phrases.
A crafted rule description could alter the generated workflow and run unintended shell commands when Lobster later executes it.
User/env-provided rule descriptions are inserted directly into shell command blocks in generated .lobster workflows without shell/YAML escaping.
command: |\n echo "Rule: {{RULE_DESCRIPTION}}" ... .replace(/\{\{RULE_DESCRIPTION\}\}/g, ruleDescription)
Do not embed arbitrary rule text inside executable shell commands; escape or validate values, store rule text as data, and use safer non-shell execution patterns.
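The following Node.js script is an added example and not code from the audited skill or from ClawScan. It reproduces the raw substitution quoted above beside a rendering that validates the description, stores it as a YAML data field and passes it to the shell only inside single quotes, and it includes a small tokenizer that flags shell metacharacters left outside quotes. The workflow layout is an assumption; the real `.lobster` schema is not documented on this page.

```javascript
// Added example, not code from the audited skill or from ClawScan. Contrasts the
// raw substitution quoted above with a rendering that keeps the rule text inert,
// plus a checker that flags shell metacharacters sitting outside quotes. The
// workflow layout is an assumption; the real .lobster schema is not on this page.
const TEMPLATE =
  'steps:\n  - name: announce-rule\n    command: |\n      echo "Rule: {{RULE_DESCRIPTION}}"\n';

// Vulnerable, as in the audited .replace() call: the description is spliced
// straight into a shell command. (With a string replacement, String.prototype
// .replace also expands $-patterns such as $& and $`, a second way for the
// value to alter the output.)
function renderUnsafe(ruleDescription) {
  return TEMPLATE.replace(/\{\{RULE_DESCRIPTION\}\}/g, ruleDescription);
}

// Only single-line text can be a rule description; a newline would also let
// the value escape the YAML block scalar and add workflow keys of its own.
function validateRuleDescription(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 500) {
    throw new Error('rule description must be a non-empty string of at most 500 characters');
  }
  if (/[\x00-\x1f\x7f]/.test(value)) {
    throw new Error('rule description must not contain control characters');
  }
  return value;
}

// POSIX single quoting: everything inside '...' is literal; an embedded
// single quote is written as '\'' (close, escaped quote, reopen).
function shellQuote(value) {
  return "'" + value.replace(/'/g, "'\\''") + "'";
}

// Hardened: the description is stored as data (a JSON string literal is a valid
// YAML double-quoted scalar) and reaches the shell only single-quoted. Function
// replacers avoid the $-pattern expansion noted above.
const SAFE_TEMPLATE =
  'rule_description: {{RULE_DESCRIPTION_YAML}}\n' +
  'steps:\n  - name: announce-rule\n    command: |\n      echo "Rule: "{{RULE_DESCRIPTION_SH}}\n';

function renderSafe(ruleDescription) {
  const v = validateRuleDescription(ruleDescription);
  return SAFE_TEMPLATE
    .replace('{{RULE_DESCRIPTION_YAML}}', () => JSON.stringify(v))
    .replace('{{RULE_DESCRIPTION_SH}}', () => shellQuote(v));
}

// First line of the rendered command block.
function commandLine(workflowYaml) {
  const m = workflowYaml.match(/command: \|\n[ \t]+(.*)/);
  return m ? m[1] : '';
}

// Walk the command the way sh tokenises it and report any ; | & $ ` sitting
// outside quotes (or $ and ` inside double quotes), i.e. positions where
// injected text would be interpreted instead of printed.
function hasUnquotedMetachar(cmd) {
  let single = false, double = false;
  for (let i = 0; i < cmd.length; i++) {
    const c = cmd[i];
    if (single) { if (c === "'") single = false; continue; }
    if (c === '\\') { i++; continue; }
    if (double) {
      if (c === '"') double = false;
      else if (c === '$' || c === '`') return true;
      continue;
    }
    if (c === "'") single = true;
    else if (c === '"') double = true;
    else if (';|&$`'.includes(c)) return true;
  }
  return false;
}
```

With a description such as `"; echo INJECTED; echo "`, `renderUnsafe` yields `echo "Rule: "; echo INJECTED; echo ""`, which the checker flags, while `renderSafe` keeps the whole value inside one single-quoted word. The safer option the finding mentions is to go one step further and not reference the value from a shell line at all, leaving it as the `rule_description` field for the runner to read as data.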
