Skill v0.7.28

ClawScan security

Raon OS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 28, 2026, 12:54 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, runtime instructions, and requested resources are coherent with its stated purpose (a startup companion that evaluates plans, crawls public government data, runs a local HTTP API, and optionally uses LLM APIs); nothing requested is disproportionate or unrelated, though you should review local server/network and secret-storage behaviors before running.
Guidance
This skill appears to do what it says (business-plan evaluation, government program crawlers, RAG, local REST API). Before installing or running it, consider:

1) Secrets: it recommends storing LLM API keys in ~/.openclaw/.env — ensure that file is protected (chmod 600) or keep keys in a secure vault.
2) Local server exposure: by default it runs an HTTP server (port 8400) and includes instructions for ngrok and installing a service — do not expose the server to the public without reviewing server.py, admin endpoints, and adding proper firewall/reverse-proxy protections.
3) Persistence: the skill writes data under eval_data/ and history files and may append to JSONL files; if you are concerned about sensitive PDFs or PII, run it in an isolated environment or container and inspect parse/evaluate scripts first.
4) Review install-service.sh and any systemd/service scripts before using them.
5) Allowed-domain fetch: the crawlers fetch public government sites and the code documents an allowlist for realtime fetches — if you plan to expose the server to third parties, verify the is_allowed_url() logic in server/rag_pipeline to ensure arbitrary outbound fetches are blocked.
6) Test code note: the repo includes test fixtures (conftest.py) that mock authentication for tests — this is normal for tests but ensure you are not running the test harness in production mode.

If any of these behaviors are unacceptable, run the skill in a sandbox or review/modify the code before use.

Review Dimensions

Purpose & Capability
ok: Name/description (startup companion, biz-plan evaluation, gov-funding matching, Kakao integration, RAG pipeline, crawlers) align with included files (evaluation scripts, crawlers, rag_pipeline, server, kakao webhook helpers, widget). Required bins (python3, node) are appropriate: python drives core logic and node provides a thin CLI wrapper. No bizarre or unrelated credentials/binaries are requested.
Instruction Scope
note: SKILL.md instructs running local server (default port 8400), CLI scripts (raon.sh), and crawlers that fetch public government sites; it also specifies storing LLM API keys in ~/.openclaw/.env and running evaluate scripts on PDF content. These instructions stay within the declared purpose, but they do instruct the agent to read/write local files (eval_data/, ~/.openclaw/.env, history.jsonl) and to make outbound HTTP requests to public sites. The skill also suggests using install-service.sh and exposing endpoints via ngrok — actions that increase network exposure and should be reviewed by the user before execution.
Install Mechanism
ok: No external download/install step in registry metadata (instruction-only install). The package includes source files bundled with the skill; there is no installer that fetches remote archives. That is lower risk than remote downloads. The bundle does include a script that can install a system service (install-service.sh mentioned in README) — review that script before running.
Credentials
note: SKILL.md documents optional LLM API keys (GEMINI/OPENROUTER/ANTHROPIC/OPENAI) and optional SaaS/Supabase variables for managed mode or feedback storage. Those environment variables are coherent with the described LLM and persistence features. The skill does recommend storing API keys in ~/.openclaw/.env (chmod 600 suggested) — this is expected but worth noting because secrets are persisted to disk. No unrelated credentials (AWS, SSH, etc.) are requested by default.
Persistence & Privilege
note: The skill does not request always:true and uses default autonomous invocation behavior. It will run a local HTTP server, create and append to local data files (eval_data/*.jsonl, history.jsonl, ~/.openclaw/.env), and the README mentions installing a system service. These behaviors are consistent with a local agent/toolset but do mean the skill will persist data and open network endpoints if you run the server or the install-service script — review those steps and firewall settings before exposing anything publicly. The SKILL.md includes sensible cautions (admin API restricted to localhost, advice to block /api/keys/* via nginx/firewall).