Skill v0.1.1
ClawScan security
Longevity OS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Mar 19, 2026, 9:09 PM)
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims to be a multi-skill bundle but is instruction-only and references many missing scripts/subskills and local operations (clone/run scripts, edit cron, read OpenClaw config), so its stated purpose doesn't match the package contents — proceed cautiously.
- Guidance: This package is instruction-only and references many files and scripts that are not included. Do not blindly run install commands from an unknown source. Before cloning or running anything: (1) inspect the remote GitHub repo contents (confirm scripts/, skills/, seed/, docs/) and open scripts/install_bundle.py to see exactly what it does; (2) review any installer or cron templates for network endpoints, uploads, or telemetry; (3) avoid running installers as root and run them in a sandbox or VM if possible; (4) verify that the repo maintainer is trustworthy and the repo content matches the bundle's claims; (5) if you want this skill to be installed, ask for the missing subskill files (skills/) or request that the publisher include the actual scripts in the package so you can review them locally before executing.
Review Dimensions
- Purpose & Capability (concern): The description promises a multi-skill 'Longevity OS' bundle (snap, health, news, insights, daily-coach) but the package contains only an instruction file (SKILL.md) and README.md. The runtime instructions repeatedly reference scripts/, skills/, docs/install.md, seed/, and other files that are not included in the published skill. Requiring no env vars or binaries is inconsistent with an installer that expects to run Python install scripts and configure cron/Telegram integration.
- Instruction Scope (concern): SKILL.md tells the agent/user to clone the GitHub repo, run python3 scripts/install_bundle.py (with verify), copy seed data, edit cron templates (including inserting a Telegram DM chat id), and inspect local OpenClaw config (~/.openclaw/openclaw.json). Those actions involve downloading and executing code from a remote repo and reading/writing local config and cron entries. Many referenced files (docs/install.md, skills/*, scripts/*, seed/*) are not present in the packaged skill, so following the instructions would require fetching external content and running it locally.
- Install Mechanism (note): There is no explicit install spec in the registry (instruction-only), which is lower technical risk for the package itself. However, the instructions direct the user to clone and run code from the GitHub repo (python3 scripts/install_bundle.py). That implies executing remotely hosted code not shipped in the skill — a higher-risk install path if the external repo or scripts are unreviewed.
- Credentials (concern): The skill declares no required env vars or credentials, yet the instructions expect access to local OpenClaw config (~/.openclaw/openclaw.json), cron, and Telegram DM configuration (chat id). It also asks the user to seed local data directories and register extra skills paths. Reading/writing those local configs and scheduling cron jobs are reasonable for an installer, but the skill did not declare them and the actual scripts that would perform them are not present for review — this mismatch increases risk.
- Persistence & Privilege (ok): The skill is not marked always:true and doesn't attempt to modify other skills in its metadata. The instructions do ask the user to register the bundle with OpenClaw (skills.load.extraDirs) and to add cron jobs, which are expected for a bundle installer, but those operations would be performed by external scripts or manual steps, not by the packaged skill itself.
