Back to skill
Skillv0.6.2
ClawScan security
Macos Bridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 9, 2026, 11:28 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requests and included scripts are consistent with its stated purpose: installing SSH-backed wrappers on a Linux gateway to call macOS-owned tools on a trusted LAN — no unexplained credential or network access is requested.
- Guidance
- This skill appears coherent for its stated purpose, but review and consider the following before installing: ensure the target Linux gateway and Macs are on a trusted LAN (the wrappers will SSH to the Macs and may send Wake-on-LAN broadcast packets); provide explicit --ssh-key and --known-hosts or verify SSH host keys to avoid MITM risks; inspect the generated wrapper scripts in the chosen target directory before making them executable (they run remote binaries via SSH); confirm the remote macOS binaries exist and have appropriate permissions; and be aware the skill requires python3 for OpenClaw config parsing and Wake-on-LAN support. If you do not trust the network or the remote hosts, do not use this bridge.
Review Dimensions
- Purpose & Capability
- okThe name/description match the shipped scripts and SKILL.md. The bundle only needs SSH reachability, an OpenClaw config for auto-discovery, and (optionally) Wake-on-LAN mapping — all appropriate for bridging macOS tools to Linux wrappers.
- Instruction Scope
- okRuntime instructions and scripts only read the provided OpenClaw config (or $HOME/.openclaw/openclaw.json), create local wrapper scripts in the target dir, invoke SSH to the discovered Mac hosts, and optionally send Wake-on-LAN UDP broadcasts on the local network. They do not call external web endpoints or request unrelated system files or environment secrets.
- Install Mechanism
- okThis is instruction-only (no package manager downloads). All code is included in the skill bundle (bash scripts and small Python snippets) and nothing is fetched from arbitrary URLs or remote servers during install.
- Credentials
- okThe skill does not declare required env vars or credentials. It accepts optional SSH key and known_hosts file paths as arguments (reasonable for SSH use). There are no unexplained SECRET/TOKEN requirements.
- Persistence & Privilege
- okalways:false and no attempt to modify other skills or global agent settings. The scripts write wrappers only to the user-specified target directory and do not request persistent elevated privileges.