Skill v1.0.0
ClawScan security
Skill Discovery · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 3:50 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally coherent for a 'skill discovery' helper: it describes searching ClawHub, presenting results, and asking the user before installing — but there are a few small implementation omissions and operational risks to be aware of.
- Guidance: This skill is reasonable for discovering and installing other skills, but check two things before using it: (1) ensure the host environment provides the 'openclaw' CLI (the SKILL.md expects it but the skill metadata doesn't declare it), and (2) treat installations from ClawHub as potentially risky — always review the candidate skill's SKILL.md (and ideally its code/release/source) before approving installation and restarting your agent.
Review Dimensions
- Purpose & Capability
  - note: The SKILL.md behavior matches the described purpose (searching ClawHub and installing chosen skills). However, the instructions rely on an 'openclaw' CLI (openclaw skills search / install) while the skill metadata declares no required binaries — a minor mismatch that should be declared so runtime environments know the dependency.
- Instruction Scope
  - ok: Instructions are narrowly scoped to: extracting keywords, running search/install commands, showing results, and asking for explicit user confirmation before installing. The skill does not instruct the agent to read unrelated files, exfiltrate data, or access secrets.
- Install Mechanism
  - note: This is an instruction-only skill (no install spec), which is low risk for the skill itself. That said, following its workflow will cause the agent to invoke the platform's installer to fetch and install third-party skills from ClawHub — which necessarily pulls code from an external registry. The SKILL.md does not describe vetting or permission checks for installed skills; that risk is inherent to installing arbitrary registry packages.
- Credentials
  - ok: No environment variables, credentials, or config paths are requested. The SKILL.md likewise does not ask for secrets or unrelated credentials.
- Persistence & Privilege
  - ok: The skill does not request permanent 'always' inclusion or elevated system privileges. It instructs the agent to always ask the user before installing new skills. Note: autonomous model invocation is permitted by policy by default, but this skill's instructions require explicit user confirmation for installs, reducing risk.
