Skillv1.0.2

ClawScan security

Agi Terminal Helper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 15, 2026, 7:11 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only runbook for safely using OpenClaw's exec feature; its requested capabilities and instructions are coherent with that purpose and it does not ask for extra credentials, installs, or persistent privileges.
Guidance: This runbook appears coherent and safe: it encourages read-only checks, sandboxing, and explicit confirmation before risky operations, and it does not request credentials or installs. However, remember that any agent guidance that runs shell commands can still perform destructive actions if you approve them — always review the exact commands the agent proposes, refuse or inspect any curl|sh or similar install commands, and avoid granting access to sensitive directories (e.g., ~/.ssh, browser profiles) unless you explicitly intend to. If you require additional assurance, ask the skill to print the exact command it will run and the target working directory before execution.

Review Dimensions

Purpose & Capability: okName and description describe a terminal/runbook helper; the SKILL.md only references workspace paths, simple diagnostic commands (pwd, ls, git status, rg, cat, head, tail), sandbox vs host execution, and explicit confirmation for risky actions — all of which are directly relevant to a terminal helper.
Instruction Scope: okRuntime instructions stay within the stated scope: they prioritize read-only exploration, ask to state intent before running exec, require explicit confirmation for destructive or privileged actions, and avoid automatic install scripts or secret echoing. The skill does tell the agent to examine workspace files and skill frontmatter (expected for diagnosing skill loading). There is no instruction to collect or exfiltrate unrelated data or call external endpoints.
Install Mechanism: okNo install spec and no code files are present — this is instruction-only, so nothing will be written or downloaded during install. That minimizes install-time risk.
Credentials: okThe skill declares no required environment variables, no primary credential, and no config paths. The SKILL.md explicitly notes sandbox env separation and warns against pasting secrets, so requested environment/credential access is proportionate.
Persistence & Privilege: okFlags are default: not always, user-invocable, and model invocation enabled. The skill does not request permanent presence or modifications to other skills or global config; it only provides procedural guidance for running exec safely.