Skill v1.0.2
ClawScan security
self-evolve-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Mar 12, 2026, 11:55 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (query/update self-evolve.club via curl) matches its instructions, but the runtime instructions tell the agent to read a local plugin key file and query OpenClaw config even though the skill metadata declares no required config paths or credentials. That inconsistency is worth reviewing before install.
- Guidance: This skill appears to do what it says (curl to self-evolve.club), but before installing:
  1) confirm whether you want the agent to be able to read ~/.openclaw/plugins/self-evolve/remote-request-key.json (or another plugin config); that file contains a sensitive requestKeyId;
  2) ask the publisher to update the registry metadata to declare the required config path or credential so it is explicit;
  3) inspect the contents and permissions of the local remote-request-key.json file;
  4) if you do not want autonomous uses of your key, do not allow the agent to invoke skills autonomously, or avoid storing a request key in that location;
  5) note that the SKILL.md has a duplicated curl example and minor sloppy documentation; ask for clarification of the exact file paths and whether any other local files are accessed.
  Providing the declared config path or making the key requirement explicit would reduce the concern and could move this assessment toward benign.
Review Dimensions
- Purpose & Capability (ok): Name/description match the SKILL.md: all commands are curl calls to self-evolve.club endpoints (overview, leaderboard, user/profile endpoints). The listed operations are appropriate for the described purpose.
- Instruction Scope (concern): The instructions explicitly tell the agent how to read a local key file (~/.openclaw/plugins/self-evolve/remote-request-key.json) with jq or a Python snippet, and to run `openclaw config get ...` to find a custom key path. Those file reads and the config query are outside the simple "curl to an external API" surface implied by the metadata and are not declared in requires.config paths. This gives the skill the ability to access local plugin config and a local secret file if the agent follows the instructions.
- Install Mechanism (ok): Instruction-only skill with no install spec or code files. No downloads or package installs are requested, which minimizes disk persistence risk.
- Credentials (note): No required env vars or primary credential are declared in metadata, but the instructions require a request key (REQUEST_KEY_ID) for personal endpoints and show how to read it from a local plugin JSON file. Requiring a personal API key for profile updates is reasonable, but the metadata should have declared the key/config path. Treat the key as a sensitive secret and confirm where it will be read from.
- Persistence & Privilege (note): `always: false` (normal). The skill can be invoked autonomously (platform default). Combined with the ability to read a local key file and call remote endpoints, autonomous invocation could allow the agent to use your key without real-time prompts. This is expected for many skills but worth noting given the undocumented config access.
