Skillv3.5.7

ClawScan security

Catchclaw Agentar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 21, 2026, 8:38 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose (search/install/export agentars) matches the bundled CLI and instructions; required files/paths and network access are proportional, though there are a few minor inconsistencies worth noting before install.
Guidance: This skill appears to do what it claims: it runs a bundled Node CLI to talk to a CatchClaw marketplace, download agentar ZIPs, and read/write OpenClaw workspaces. Before using it: 1) Verify the CLI locally as SKILL.md requires (run `node <skill-dir>/agentar_cli.mjs version`) and inspect the code if you have concerns. 2) Note that registry metadata says two env vars are required but the SKILL.md says they are optional — you can omit them to use defaults; set AGENTAR_API_BASE_URL only if you need a custom server. 3) When installing, be explicit about install mode (new vs overwrite) and avoid passing API keys unless you trust the agentar; supplied keys are saved to a local skills/.credentials file. 4) If you need higher assurance, review the full agentar_cli.mjs (it uses only Node builtins but includes a slightly unusual dynamic lookup of child_process, which appears functional rather than malicious).

Review Dimensions

Purpose & Capability: okName/description, the bundled Node CLI, and the declared config paths (~/.agentar, ~/.openclaw/workspace, agentar-exports) all align with a tool that finds, installs, and packages agent archives. Requiring the node binary is expected.
Instruction Scope: noteSKILL.md instructs the agent to verify and then run the bundled CLI to search/install/export/rollback; all referenced files and operations (backup, overwrite, export filtering of sensitive files) are within the skill's stated domain. One procedural inconsistency: the registry marks AGENTAR_API_BASE_URL and AGENTAR_HOME as required env vars, but SKILL.md explicitly says both are optional and defaults exist.
Install Mechanism: okThere is no external install step; the CLI is bundled in the skill and uses only Node builtins. The CLI performs HTTP requests and may download agentar ZIPs from the marketplace URL (default https://catchclaw.me), which is expected behavior for this purpose.
Credentials: noteOnly two env vars are referenced (API base URL and CLI home), and they are optional per SKILL.md — this is proportional. The skill will read/write the listed OpenClaw workspace paths and may write a local skills/.credentials file if the user supplies an --api-key. The registry's 'required env vars' claim is misleading.
Persistence & Privilege: okThe skill does not request always:true, and autonomous invocation is default but not excessive here. It persists data only to its own CLI home (~/.agentar), backups, and OpenClaw workspace locations it manages as part of install/export/rollback, which is consistent with its functionality.