Back to skill
Skillv3.7.5
ClawScan security
CatchClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 3, 2026, 1:38 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose: it bundles a Node CLI to search/install/export agentars, requires only node, and reads/writes the documented agentar/openclaw paths — nothing requested appears unrelated or excessive.
- Guidance
- This skill appears to do exactly what it claims: it provides a bundled Node CLI to manage agentars and teams and operates on the documented agent/workspace directories. Before using it: (1) follow the SKILL.md hard-gate and run the bundled CLI version check (node <skill-dir>/agentar_cli.mjs version) in a safe sandbox; (2) back up ~/.openclaw/workspace before any install that might use --overwrite; (3) avoid supplying an API key unless necessary — if you do, note it will be saved locally under the skill (skills/.credentials); (4) although the CLI claims GET-only network behavior, reviewers should inspect the full agentar_cli.mjs (or run it in an isolated environment) to be certain; and (5) if you have sensitive agent state, prefer exporting/backing up first rather than installing new agentars that overwrite the main workspace.
Review Dimensions
- Purpose & Capability
- okName/description (agentar manager) aligns with what is present: a bundled Node CLI (agentar_cli.mjs) and SKILL.md that document searching, installing, exporting agentars and teams. Required binaries (node) and documented config paths (~/.agentar, ~/.openclaw/...) are expected for this functionality.
- Instruction Scope
- noteSKILL.md restricts actions with hard-gates (verify bundled CLI version before any operation) and documents exact commands. It explicitly reads/writes agent/workspace and team directories and can overwrite the main workspace when --overwrite is chosen. The instructions also allow storing an API key to a local skills/.credentials file when --api-key is used. These behaviors are within the scope of an agentar manager but carry real risk to user data if used carelessly (workspace overwrite, locally-stored credentials).
- Install Mechanism
- okNo remote install/download step for the skill itself — it's instruction-only with a bundled CLI file. The bundled agentar_cli.mjs uses only Node built-ins (no external downloads required by the skill). This is low-risk compared with arbitrary remote downloads.
- Credentials
- okNo required environment secrets; two optional env vars (AGENTAR_API_BASE_URL, AGENTAR_HOME) are reasonable for overriding defaults. The documented optional storage of an --api-key in a local credentials file is justified for agentars that require backend auth but is a sensitive action and is clearly documented as optional.
- Persistence & Privilege
- okSkill is not always-enabled, is user-invocable, and does not request elevated platform privileges. It reads/writes only its own and OpenClaw agent-related paths; it does not modify other skills' configuration. The main persistent risk is accidental workspace overwrite or saving API keys locally, both documented and gated by user prompts.