Skillv1.0.1

ClawScan security

Family Ledger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousApr 2, 2026, 3:26 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior matches a family ledger (reading/writing JSON ledger files and mapping senders), but its published metadata omits the fact that it requires read/write access to specific user workspace paths—this mismatch warrants caution.
Guidance: This skill appears to implement what it says (a local family ledger), but the published metadata did not list the configuration paths it reads/writes. Before installing: (1) confirm you trust the skill owner or request a homepage/source code; (2) back up ~/.openclaw/workspace/shared/ledger/ if it exists; (3) inspect the contents and permissions of user-mapping.json and the ledger files after first run; (4) ensure the agent's read/write tools only access the intended ledger directory (verify sandboxing/isolation if available); (5) ask the author to update metadata to declare the required config paths and to document whether any data is ever transmitted externally. These checks will reduce privacy/risk concerns. Additional info (source code or a homepage) would raise confidence to "high."

Purpose & Capability: noteName/description (家庭账本管理) align with instructions: creating/querying/updating three JSON ledgers (daily/social/borrow) and a user-mapping file. The file-based implementation is coherent with the stated purpose.
Instruction Scope: concernSKILL.md explicitly instructs the agent to read/write files under ~/.openclaw/workspace/shared/ledger/ and to use a user-mapping file to map sender_id → display name. However the skill metadata declared no required config paths. Instructions expect access to local user data and message metadata; that capability is reasonable for a ledger but the metadata omission is an inconsistency and a privacy surface to review.
Install Mechanism: okNo install spec and no code files (instruction-only). This minimizes installation risk — nothing is downloaded or written by an installer.
Credentials: okThe skill declares no environment variables or credentials and its functionality does not require external API keys. That is proportionate. Note: it does rely on platform-level read/write 'read'/'write' tools and message metadata (sender_id).
Persistence & Privilege: okalways:false and no special persistence or cross-skill configuration is requested. The skill does not claim autonomous permanent presence beyond normal agent invocation.