Skill v1.0.0
ClawScan security
Skill Discovery · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 3:55 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested actions and instructions match its stated purpose (search and install skills from ClawHub); it is an instruction-only helper that relies on the openclaw CLI and user confirmation before installing third-party skills.
- Guidance: This skill is coherent and low-risk by itself: it runs the openclaw CLI to search and (with your confirmation) install skills from the public registry. Before using it, ensure the openclaw CLI and network access are available. When the agent shows candidate skills, review each skill's SKILL.md and any requested environment variables or permissions before installing. Be cautious about installing unfamiliar third-party skills (they can contain code or further installers). If you want tighter control, disable autonomous model invocation for skills or require explicit confirmation for any install, and prefer skills from trusted authors or with provenance/signatures.
Review Dimensions
- Purpose & Capability (ok): The name/description claim to search and install ClawHub skills and the SKILL.md explicitly calls the openclaw CLI to search/install—this is internally consistent. It does assume the openclaw CLI and network access are available, which is reasonable for this purpose but not declared in required binaries.
- Instruction Scope (ok): Instructions are narrowly scoped: extract keywords, run 'openclaw skills search', present results, ask user before running 'openclaw skills install', and optionally read the installed SKILL.md. They do not ask the agent to read unrelated files or environment variables.
- Install Mechanism (note): No install spec in the package (instruction-only), so this skill itself does not write code. However it delegates installation to the openclaw CLI which will fetch third-party skills from ClawHub; the content and install mechanics of those skills are out of scope and carry usual network-download risks.
- Credentials (ok): The skill declares no environment variables or credentials and its instructions do not access secrets. Note: skills that the agent installs later may request credentials — that is expected but outside this skill's declared scope.
- Persistence & Privilege (ok): always is false and user-invocable is true. disable-model-invocation is false (normal) so the agent may autonomously invoke this skill to propose candidates, but the SKILL.md explicitly requires user confirmation before any install. This combination is coherent but means the agent could suggest installs without explicit user prompting.
