Skill v1.1.0

ClawScan security

Agent Task Status · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 9:21 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (reading local OpenClaw agent session indexes and transcripts to report assignment/report status); it requires no secrets or external installs and does not contact external endpoints.
Guidance
This skill reads local OpenClaw agent session indexes and transcript files (default ~/.openclaw/agents). Before installing: review whether those transcripts contain sensitive data you don't want exposed; confirm the agents root (--base or OPENCLAW_AGENTS_BASE) is correct and limited to the data you intend to inspect; prefer running the script in a safe context or with a read-only copy of transcripts if you have multi-tenant concerns. The bundle includes the full Python source — if you have security concerns, scan that file for unexpected network calls or file writes (the supplied script appears to only perform local file reads and optional output-file writes). Finally, when using automation, be mindful that the agent platform may invoke the skill autonomously — limit the skill's scope via the --base flag and avoid pointing it at system-wide or other users' directories.

Review Dimensions

Purpose & Capability
ok: The name and description call for verifying assignment delivery and report status; the bundled script reads a configurable agents root (default ~/.openclaw/agents), session index files, and transcript files to extract assignments and assistant reports, which is exactly what the skill claims to do. No unrelated services or credentials are requested.
Instruction Scope
ok: SKILL.md instructs running the included Python script against local session indexes and transcripts and documents flags for agent lists, base path, markers, filters, and output formats. The instructions limit actions to file reads and local output; they do not instruct network exfiltration or scanning of unrelated system paths. Note: SKILL.md and the script reference optional environment variables (OPENCLAW_*) as overrides, but these are optional and used only to change the local paths/keywords.
Install Mechanism
ok: There is no install spec; this is an instruction-only skill plus a local Python script. No packages are downloaded or installed by the skill bundle.
Credentials
note: The skill declares no required environment variables or credentials. The script does read several optional env vars (OPENCLAW_AGENTS_BASE, OPENCLAW_SESSION_KEY_TEMPLATE, OPENCLAW_OUTPUT_FORMAT, etc.) as user overrides; this is proportional to its configurability. There are no requests for unrelated secrets or cloud credentials.
Persistence & Privilege
ok: always is false and the skill does not request persistent platform privileges. The script reads and can write an output file (user-specified) but does not alter other skills' configs or system-wide settings. Autonomous invocation is allowed by default (platform normal) but the skill's actions remain file-scoped.