Skill v1.0.0

ClawScan security

Coding Sessions · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 3:04 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The instructions mostly match the stated goal (running long-lived coding agents) but the skill omits required binaries/credentials and makes assumptions about tooling and file locations that are not declared — this mismatch could lead to unexpected access or behavior.
Guidance
This skill appears to be what it advertises (helpers for running long-lived coding agents), but it omits important implementation details. Before installing or using it, verify you have the required tools (tmux, the codex/ralph/ralphy CLIs, git, openclaw) and understand where credentials live (e.g., ~/.codex). Be cautious running or enabling '--full-auto' agents in repositories with sensitive data: those agents can execute arbitrary commands and modify files. Consider updating or requesting the skill author to: (1) declare required binaries and any credentials in the manifest, (2) fix inconsistent names/typos (e.g., 'Ralph' vs 'ralphy'), and (3) document what the openclaw event sends. If you don’t trust the agent CLIs, do not run these commands in production or sensitive projects and run them in an isolated environment.

Review Dimensions

Purpose & Capability
Concern: The skill claims to orchestrate long-running coding agents but the SKILL.md requires/assumes tmux, codex, ralphy/ralph (agent CLIs), git, and an openclaw CLI hook, plus a Homebrew PATH. None of these required binaries or credentials are declared in the skill metadata, which is an incoherence: a user would reasonably expect the manifest to list required tools and credentials.
Instruction Scope
Note: Runtime instructions stay within the described purpose (start agents in tmux, monitor output, run verification via git). However the instructions also reference reading user-local logs (~/.codex/log), running auth commands (codex auth login), and writing 'daily notes' (memory/YYYY-MM-DD.md). These are reasonable for this task but broaden the scope to reading/writing user files and invoking auth flows — the skill should have declared that.
Install Mechanism
OK: No install spec (instruction-only). This reduces install-time risk because nothing is downloaded or written by an installer. Risk comes from the commands the user/agent will run at runtime, not the installer.
Credentials
Concern: The skill declares no required environment variables or credentials but the instructions implicitly rely on existing credentials/config (e.g., codex tokens, possibly Homebrew-installed binaries in /opt/homebrew/bin). Expectation of sensitive tokens or auth state (and calls like `codex auth login`) should be reflected in the manifest; omission is disproportionate and opaque.
Persistence & Privilege
OK: `always` is false and the skill does not request persistent system-wide privileges. It asks the agent to create long-lived tmux sessions and log to a local 'memory' file, which is consistent with its purpose and does not appear to alter other skills or global configuration.