Skill v1.0.1
ClawScan security
Hunt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 6:36 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (finding and tracking online hackathons) is plausible, but its runtime instructions require file access, web fetching, cron scheduling, and Node.js assumptions that are not declared in the registry metadata and deserve clarification before installing.
- Guidance: This skill appears to do what it says (find hackathons, save them to a map file, and set reminders) but it performs filesystem I/O and creates cron jobs — capabilities not declared in the registry metadata. Before installing: 1) Confirm that your environment allows the skill to use the web_fetch tool, create cron jobs, and write to ~/.openclaw/workspace/map.md. 2) Inspect USER.md to ensure it contains no sensitive credentials (the skill will read it). 3) Ask the publisher to update metadata to list required tools (web_fetch, cron, Node.js if needed) and required config paths. 4) If you prefer tighter control, only enable the skill for manual (user-invoked) use, or run it in a sandboxed environment where filesystem and scheduler effects are acceptable. If the author can explain why Node.js is mentioned despite no bundled code, and formally declare file/scheduling requirements, the inconsistencies would be resolved.
Review Dimensions
- Purpose & Capability (note): Name/description match the behavior: searching web listings, presenting results, persisting selections to a map, and scheduling reminders. However, the SKILL.md explicitly requires web_fetch, cron scheduling, file read/write to ~/.openclaw/workspace/map.md, and Node.js 18+ for bundled CLI tools — none of these requirements are declared in the registry metadata. That mismatch is unexpected and should be explained.
- Instruction Scope (concern): Instructions tell the agent to read USER.md for the user profile and to read/write ~/.openclaw/workspace/map.md, set cron jobs, and browse several external sites. Reading user files and writing persistent trackers is within the stated purpose but is not declared in the skill metadata. The SKILL.md also asks to 'verify each result' by loading event pages (web fetching). There are no instructions that exfiltrate secrets or contact unknown endpoints, but file I/O and scheduling are sensitive operations that should be disclosed.
- Install Mechanism (ok): Instruction-only skill (no install spec, no code files to execute). This is lower risk than packaged installs. The SKILL.md mentions Node.js 18+ for bundled CLI tools but no such tools are included; that inconsistency should be clarified (no binary downloads or install URLs are present).
- Credentials (note): The skill requests no environment variables or credentials (registry shows none required). This is appropriate for its purpose. However, the instructions access local files (USER.md and map.md) and schedule system events — these are reasonable for a tracker/reminder skill but are not declared in required config paths. Ensure USER.md doesn't contain secrets and confirm what data is written to map.md.
- Persistence & Privilege (concern): The skill persists state by writing ~/.openclaw/workspace/map.md and creating cron jobs for reminders. It does not set always:true and is user-invocable only, which is good. Still, persistence (filesystem writes + scheduled jobs) is a meaningful privilege; the registry metadata should explicitly declare these capabilities and the user should be aware that scheduled system events will be created and later cancelled by the skill.
