Skill v0.1.5
ClawScan security
Agentsec · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 6:14 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: Agentsec's requirements and instructions match its purpose as a local skill-auditing CLI, but it will read many user skill directories and runs code from the npm registry when invoked via npx, so review the published package and limit scan scope if you need tighter privacy.
- Guidance: Agentsec appears coherent for its stated purpose, but be aware of three practical risks before running it:
  1. npx agentsec will download and execute the 'agentsec' package from the npm registry at runtime—review the package (author, versions, changelog) and prefer a pinned version or inspect the package contents before executing.
  2. The tool auto-discovers and reads many skill directories (home, project, and system paths). If you want to limit exposure, run with --path to target a specific directory or run in a confined environment/container.
  3. SKILL.md references OPENCLAW_PROFILE but doesn't declare it—if you use that environment variable, know it can influence which paths are scanned.
  Recommended steps: inspect the npm package source or homepage (https://agentsec.sh), run the first scan in a sandbox or CI runner with limited access, use --path/--platform flags to narrow scope, and prefer installing a known-good pinned version instead of unpinned npx invocation.
- Findings:
  - [no_code_files_to_scan] (expected): This skill is instruction-only (SKILL.md only). The regex-based scanner had no code files to analyze; however, runtime behavior depends on the npm 'agentsec' package that will be fetched/executed when you run npx.
Review Dimensions
- Purpose & Capability: ok. The skill's name, description, and runtime instructions all describe a tool that audits agent skills. The declared anyBins (agentsec, npx, bunx) and the node install spec for the 'agentsec' npm package are proportionate and expected for a CLI auditing tool.
- Instruction Scope: note. SKILL.md instructs you to run 'npx agentsec', which auto-discovers and scans many skill directories (user home, project folders, platform-specific paths, and /etc for some platforms). Reading those directories and files is expected for an auditor, but it is broad (potentially touches many personal and system files). There is no instruction to exfiltrate results to external endpoints; reports are generated locally.
- Install Mechanism: note. Installation/run guidance uses npm/bun (npx or global install). This is a standard mechanism, but npx will fetch and execute code from the npm registry at runtime — a moderate-risk operation compared with an instruction-only skill. The install does not use arbitrary URLs or archives, and the package comes from the npm ecosystem (traceable), not a personal server.
- Credentials: note. No secrets or credentials are requested (requires.env is empty), which is appropriate. SKILL.md references OPENCLAW_PROFILE for locating OpenClaw profiles, but this environment variable is not declared in the metadata — a minor inconsistency that should be documented. No hidden credentials or unrelated environment variables are required.
- Persistence & Privilege: ok. The skill does not request always: true and does not declare elevated platform-wide privileges. Autonomous invocation is allowed (default), which is normal for skills. The tool's ability to read many directories is a functional requirement rather than an unexplained privilege request.
