Skill v1.0.0

ClawScan security

Gateway Validator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 12:14 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions are internally consistent with a gateway-configuration validator: it reads OpenClaw config files, tests provider APIs, can spin up a temporary gateway, and can apply changes — but it will read and transmit provider API keys from your config and can overwrite/restart production gateway processes, so use caution.
Guidance
This skill appears to do what it says, but it touches sensitive areas:

- It reads your OpenClaw config (from ~/.openclaw and /etc), so provider API keys stored there will be read and sent to the provider endpoints to validate credentials — this is required for validation but is sensitive.
- It can overwrite the production config and restart the gateway (apply_change.py). Confirm whether you (or your agent) want automated apply+restart behavior; prefer a manual confirmation step before applying changes.
- The temporary gateway start/port detection is imperfect in the scripts; consider running the validation in a safe staging environment first.

Recommendations before installing/using:

1) Review your config file contents for secrets you don't want transmitted. If you prefer, remove or mask non-essential keys before running validation.
2) Run provider validation (scripts/test_provider.py or scripts/validate_config.py) manually to observe behavior before enabling autonomous agent-run operations.
3) Ensure backups are accessible (apply_change.py creates backups under the config directory) and that you have a rollback plan.
4) Restrict the agent so it asks for explicit confirmation before running apply_change.py or performing restarts.

If you want, I can extract the exact commands the skill would run for a dry-run and suggest a safer invocation policy (e.g., validation-only mode without auto-apply).

Review Dimensions

Purpose & Capability
ok: The name/description match what the files implement: reading OpenClaw config, validating syntax, testing providers via their HTTP APIs, optionally starting a temp gateway, and applying validated config to production. Required actions (reading ~/.openclaw and /etc config, calling provider endpoints, invoking the 'openclaw' binary, backing up and writing config files) are expected for this purpose.
Instruction Scope
note: SKILL.md promises automatic validation and the scripts implement the three validation levels. The scripts will read config files (home and /etc), perform network requests to provider endpoints using API keys found in the config, may start processes (openclaw gateway), and can apply changes to production. All of these are within scope, but they involve transmitting sensitive API keys and performing production changes — the README's claim to 'automatically use this when you request gateway changes' means the agent could run these operations without further manual checks unless the agent is constrained.
Install Mechanism
ok: No install spec; this is instruction+script-only. No external downloads or package installs are declared. The code uses standard Python stdlib and attempts to import PyYAML if available; lack of install spec means nothing is written to disk by an installer beyond whatever the agent runtime does when executing the included scripts.
Credentials
note: The skill doesn't request environment variables or external credentials directly, but it reads provider API keys from the OpenClaw config files (e.g., ~/.openclaw/config.yaml or /etc/openclaw/*). Sending those API keys to provider endpoints is necessary for validation, but is sensitive. The scripts do not request unrelated credentials; they do expect read/write access to config paths and ability to execute the 'openclaw' binary.
Persistence & Privilege
concern: The skill includes apply_change.py which will overwrite the production config file (after creating a backup) and attempt to restart the gateway via 'openclaw gateway restart'. While this is coherent with the stated purpose, it's a high-impact operation: if the agent invokes apply_change without explicit user confirmation the production gateway could be changed or restarted unexpectedly. The skill is not 'always: true', but the SKILL.md says it will be used 'automatically' when the user requests gateway changes — make sure the agent prompts the user before performing apply/change actions.