Skill v2.0.2

ClawScan security

Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 6:43 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements, runtime instructions, and install/uninstall scripts are coherent with its stated purpose (a local AgentShield detection engine that integrates with OpenClaw); nothing in the package indicates it is trying to do unrelated or hidden actions, though the installer will persist a local service and download binaries from the network so you should verify trust before installing.
Guidance
This package appears internally consistent with its stated purpose, but take these precautions before installing:
1) Verify you trust the upstream GitHub repository and the npm plugin (@agentshield-ai/openclaw-plugin) the installer may install.
2) Review release checksums (the installer will skip verification if SHA256SUMS are missing) or prefer building from source (the script supports `go install`).
3) Be aware the installer will create a persistent user service (systemd/launchd), create ~/.agentshield, and write an auth token into OpenClaw config — treat that token as sensitive.
4) If you enable LLM triage, use a dedicated API key with limited scope/quota.
5) If you lack confidence in the upstream project, inspect the downloaded binary or build from source and run the installer with AGENTSHIELD_E2E_MODE=1 to avoid automatic service registration and OpenClaw config patching.

Review Dimensions

Purpose & Capability
ok: Name/description match behavior: the skill installs/starts a local detection engine, loads Sigma rules, and optionally uses an LLM for triage. The installer's actions (download/build binary, clone rules repo, create config, register service, integrate with OpenClaw) are expected for this purpose.
Instruction Scope
ok: SKILL.md instructs only to install/run a local service, manage rules, and optionally call LLM providers for triage. The installer patches OpenClaw config and installs an OpenClaw plugin — this is consistent with the skill's stated integration. The instructions do not request or read unrelated system secrets or network endpoints beyond GitHub/npm/LLM providers.
Install Mechanism
note: Installation is via the included install.sh which downloads GitHub release archives (with checksum verification if available) and falls back to `go install`. Downloading and extracting remote binaries is normal for this project but increases risk if the upstream release or checksums are not trustworthy; the script warns/skips verification when checksums are unavailable. It also attempts to clone a rules repo and call OpenClaw CLI (and an npm plugin via OpenClaw).
Credentials
ok: No unrelated credentials are requested. Optional LLM triage requires a provider API key (OpenAI/Anthropic) which is proportionate to the triage feature. The installer generates a local auth token and writes it into OpenClaw config so the local plugin can authenticate — this is expected but means the token will be present in OpenClaw configuration.
Persistence & Privilege
note: The installer creates and enables a user-level systemd or launchd service and writes files under ~/.agentshield, which is appropriate for a continuously-running detection engine. The skill is not marked always:true; the persistence is standard for a local daemon but you should be aware it will run continuously with network capability.