Skill Analyst Zh
AdvisoryAudited by VirusTotal on Apr 4, 2026.
Overview
Type: OpenClaw Skill Name: skill-analyst-zh Version: 1.1.0 The skill-analyst-zh bundle is a utility designed to help users evaluate OpenClaw skills before installation or publication. It uses the legitimate 'clawhub' CLI to search and inspect skills and reads the local '~/.openclaw/skills/' directory to identify overlaps, which is consistent with its stated purpose. No malicious behaviors, data exfiltration, or obfuscation were detected in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may query ClawHub and read installed skill descriptions to build its analysis report.
The skill directs use of the ClawHub CLI and local skill metadata. This is central to its comparison/review purpose and not destructive, but it is still tool and local-file access the user should understand.
用 `clawhub search <关键词>` 搜索 ClawHub 上的同类 skill ... 扫描 `~/.openclaw/skills/` 目录下的 SKILL.md 文件,或用 `clawhub list` 查看。
Use a trusted clawhub CLI, provide clear target skill names or search terms, and review the report before deciding to install or publish a skill.
The skill may fail or may rely on whichever clawhub executable is available in the user's environment.
The skill documentation says the clawhub CLI is needed, but the registry metadata does not declare it as a required binary. This is a dependency declaration gap rather than evidence of unsafe behavior.
Description: ... 需要 `clawhub` CLI 可用 ... Required binaries (all must exist): none
Install or verify a trusted clawhub CLI before use, and the publisher should declare the binary requirement in metadata.