Skillv1.2.1

ClawScan security

Linux To Mac Bridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 9, 2026, 3:17 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and runtime instructions align with its stated purpose (installing Linux-side SSH wrappers for Mac-backed tools); it asks for no unrelated credentials or external installs, but you should audit SSH keys, known_hosts, and the generated wrappers before use because they enable remote command execution on your Macs.
Guidance: This skill is coherent for the intended local-LAN use case, but it creates Linux wrappers that SSH into remote Macs and can run arbitrary commands there — treat it as granting remote execution to whichever SSH identity you configure. Before installing: (1) inspect the scripts (install-wrapper.sh is the wrapper template) to confirm the remote commands and escaping meet your policy; (2) provide an SSH key with limited rights and use a known_hosts file to avoid MITM risk; (3) ensure the OpenClaw config (~/.openclaw/openclaw.json) is trustworthy because the scripts may auto-discover remoteHost entries from it; (4) be aware Wake-on-LAN will broadcast packets on your LAN; (5) prefer the split 'macos-bridge' or 'homebrew-bridge' skills if they better match your needs. If you need stronger assurance, run the scripts in a controlled test environment first.

Review Dimensions

Purpose & Capability: okName/description match what the code does: the scripts render a tool map, create SSH-backed wrapper executables, verify them, and support Wake-on-LAN. Nothing in the files requests unrelated services or credentials.
Instruction Scope: noteSKILL.md directs running the included scripts and explicitly references reading ~/.openclaw/openclaw.json for auto-discovery. The scripts do read that config (if present) and require python3 for some operations; this behavior is consistent with the skill purpose but the SKILL.md does not declare python3 as a required runtime dependency nor explicitly list that the scripts will read the user's OpenClaw config file in $HOME. You should be aware the scripts will read that config and will create/written wrapper files into whatever --target-dir you supply.
Install Mechanism: noteThere is no remote install or URL download (instruction-only), but the package includes multiple executable scripts which will be written to disk and executed by the operator. This is a normal pattern for a wrapper installer, but you should review the included scripts before running them.
Credentials: okThe skill requests no environment variables or credentials. It optionally accepts an SSH key path and known-hosts file via script args (reasonable for SSH-based wrappers). No unrelated secret or cloud credentials are requested.
Persistence & Privilege: okThe skill is not always-enabled and does not request elevated platform privileges. It installs wrappers into a user-specified directory only and does not modify other skills or global agent settings.