Skill v0.1.0

ClawScan security

task-progress-stream · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 15, 2026, 10:25 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The code matches the stated purpose (streaming/tailing logs into the OpenClaw chat) but there are coherence and privacy concerns: the script executes arbitrary commands, writes status/log files, and invokes an external 'openclaw' CLI (not declared) which can cause sensitive log data to be injected into chat.
Guidance
This skill appears to do what it says, but exercise caution before running it:
- Review the included script (you already have the source) before use.
- The script runs arbitrary shell commands (--cmd) and tails files; only point it at commands/logs you trust and control.
- It calls the 'openclaw' CLI to inject messages into chat; ensure you understand what credentials/config that CLI will use and that you trust the destination chat session.
- Logs and stdout/stderr may contain secrets (API keys, tokens, PII); sanitize logs or restrict what is tailed to avoid accidental exfiltration.
- Note the registry metadata omitted the dependency on the 'openclaw' binary; ensure the binary path and behavior are acceptable in your environment.
- Prefer running this in an isolated environment or with minimal privileges; consider using an explicit out-dir in a controlled location and cleaning up produced files after use.
If you need higher confidence, request the full untruncated source, confirm any CLI dependencies, and test in a safe sandbox first.

Review Dimensions

Purpose & Capability
concern: The skill's name and description match the code: it runs commands or tails logs and injects progress into chat. However, the registry metadata declares no required binaries while the script spawns the external 'openclaw' CLI and uses '/bin/bash' to run arbitrary --cmd strings. The missing declared binary dependency (openclaw) is an incoherence the user should notice.
Instruction Scope
concern: SKILL.md and the script instruct running arbitrary commands or tailing arbitrary files and periodically injecting parsed summaries/last log lines into a chat session. That scope is broad and can result in leaking sensitive contents from stdout/stderr or log files into the OpenClaw chat. The instructions give the agent broad discretion to run and monitor anything the user points at.
Install Mechanism
ok: No install spec is provided (instruction-only plus an included JS script), so nothing will be automatically downloaded or written by an installer. The script itself writes status/log files when executed, which is expected behavior for this utility.
Credentials
concern: The skill declares no required environment variables or credentials, but it invokes the 'openclaw' CLI which will use the agent's existing OpenClaw credentials/configuration on disk; this is not declared. Additionally, because the tool transmits parsed log text and 'lastLine' to chat, secrets present in logs (API keys, tokens, paths, stack traces) could be exfiltrated to chat unintentionally.
Persistence & Privilege
ok: 'always' is false and the skill does not request elevated platform privileges. It writes per-task status files under an output directory (default runs/task-progress-stream) but does not modify other skills or system-wide settings.