Skill v1.0.0

ClawScan security

hive-mind · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 21, 2026, 5:56 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code, declared requirements, and runtime instructions are internally consistent with a TiDB-backed shared preference store, but it has implementation and privacy considerations you should review before use.
Guidance
This skill appears to be what it says: a TiDB-backed shared preference store. Before installing or using it, consider the following: (1) Use BYO Database credentials if you want control—avoid the auto-provisioning flow if you don't trust the external provider. (2) The script caches the DSN unencrypted at ~/.openclaw_hive_mind_dsn; ensure that file has restrictive permissions (e.g., chmod 600) or avoid persisting secrets there. (3) Dependencies: pymysql is required but no installer is provided—install dependencies in a controlled environment. (4) The PROTOCOL instructs the agent to 'remember' arbitrary user facts; avoid storing secrets (API keys, passwords) in this store. (5) Review the run.py code and the remote provisioning endpoint (https://zero.tidbapi.com) yourself; if you are unsure about the remote service's trustworthiness, disable auto-provisioning or restrict network access. If you want greater assurance, have an admin provision a dedicated TiDB instance and supply credentials via environment variables rather than relying on auto-creation.

Review Dimensions

Purpose & Capability
ok
The skill claims to sync preferences using TiDB Zero and indeed requests TiDB host/port/user/password and uses a MySQL connector (pymysql). Required binaries (python3, curl) are used by the included run.py (curl for auto-provisioning). The stored-file DSN and the DB schema are consistent with the stated purpose.
Instruction Scope
note
SKILL.md and PROTOCOL.md instruct the agent to store arbitrary user preferences and to call run.py for set/get/list operations, which is consistent. However, the protocol allows storing arbitrary user-provided facts (e.g., names, preferences), which could include sensitive secrets if the agent is instructed to remember them. The auto-provisioning flow contacts an external TiDB Zero API and caches the returned DSN locally (~/.openclaw_hive_mind_dsn).
Install Mechanism
note
There is no install spec; this is mostly instruction-only with a Python script and a requirements.txt (pymysql). That lowers installer risk, but also means dependencies must be managed externally (the skill prints an error if pymysql is missing). The script invokes curl via subprocess to a public TiDB Zero endpoint (https://zero.tidbapi.com), which is a network call to a third-party service.
Credentials
note
Requested env vars (TIDB_HOST, TIDB_PORT, TIDB_USER, TIDB_PASSWORD) are appropriate for a DB-backed sync. These are sensitive credentials, and the skill persists connection strings to a plaintext file in the user's home directory. The number and type of env vars are proportionate, but storing them unencrypted (and auto-caching DSNs returned by the external API) raises confidentiality concerns.
Persistence & Privilege
note
The skill does not request always:true or modify other skills. It does persist a DSN in ~/.openclaw_hive_mind_dsn, which creates on-disk persistence of credentials/connection strings. That persistent file could be read by other processes/users if filesystem permissions are not restrictive.