Skill v2.0.0
ClawScan security
Approve Pairing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 23, 2026, 8:22 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and script do what the description says — directly edit OpenClaw credential files to approve pairings — with only minor documentation inconsistencies and no network access or secret requests.
- Guidance: This skill directly edits your OpenClaw credential files to approve a sender. That is the intended behavior, but it's powerful: only run the script locally on a machine you trust and after verifying the pairing code and sender ID. Before running, (1) inspect the script (it's included) to confirm it will target the correct credentials directory; (2) back up ~/.openclaw/credentials; (3) be aware of the documentation mismatch — the script uses '<channel>-allowFrom.json' for empty accountId whereas the SKILL.md mentions '<channel>-default-allowFrom.json'; and (4) note the script respects OPENCLAW_CREDENTIALS_DIR if set (SKILL.md doesn't mention this). Prefer the official 'openclaw pairing approve' CLI when available; use this only when you understand and accept the filesystem changes.
Review Dimensions
- Purpose & Capability (ok): The Python script reads and writes the same ~/.openclaw/credentials files the SKILL.md describes and implements the described approve-by-editing workflow. No unrelated binaries, services, or credentials are requested.
- Instruction Scope (note): Instructions are narrowly scoped to reading and updating pairing/allowlist JSON files. Minor inconsistencies between SKILL.md and the script: SKILL.md says a missing/empty accountId should map to '<channel>-default-allowFrom.json', while the script uses '<channel>-allowFrom.json' for an absent accountId. SKILL.md also does not document the optional OPENCLAW_CREDENTIALS_DIR environment variable the script supports.
- Install Mechanism (ok): No install spec is present (instruction-only skill with one included script). Nothing is downloaded or installed; the risk surface is limited to running the provided local script.
- Credentials (note): The skill requests no credentials and does not call external endpoints. It does read an optional OPENCLAW_CREDENTIALS_DIR env var (not declared in the SKILL.md). This is reasonable but should be noted because it can change which files are modified.
- Persistence & Privilege (ok): The skill is not always-on, does not request elevated platform privileges, and does not modify other skills or global agent configuration. Its effect is limited to filesystem edits in the credentials directory.
