Skill v1.0.0

ClawScan security

Amigo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 7, 2026, 11:37 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
Internally consistent: an instruction-only companion skill that coordinates two sub-skills, reads/writes local workspace files, and uses OpenClaw scheduling; it asks for no credentials or external downloads.
Guidance
This skill looks coherent with its stated purpose, but review a few things before enabling it:
1) Inspect and control filesystem locations it will read/write (~/.openclaw/workspace and the social-graph files). Those files will contain personal preferences and sharing logs — set file permissions and backups as you see fit.
2) Start in manual mode before enabling cron/heartbeat scheduling so you can inspect example journal entries and sharing-log behavior.
3) Check which model the platform will use for background explorations (lighter models save tokens and reduce exposure).
4) Confirm the social-graph templates and sharing rules do not cause the agent to attempt to collect undisclosed personal data; enforce the documented safety guidance in practice and audit logs occasionally.
5) Ensure OpenClaw's cron/heartbeat and file access permissions match your privacy expectations.
If you want more assurance, request the actual open-thoughts and social-graph SKILL.md code to review how they read/write the files and whether they call any external endpoints.

Review Dimensions

Purpose & Capability
ok
The name/description match the instructions: the skill wires together an exploration engine and a social-graph and describes journaling and sharing rules. Required actions (installing sub-skills, creating workspace files, scheduling cron/heartbeat jobs) are coherent with the stated companion/inner-life purpose.
Instruction Scope
note
SKILL.md instructs the agent to read and write files under ~/.openclaw/workspace (network.md, sharing-log.md, explorations/YYYY-MM-DD.md) and to invoke /open-thoughts via heartbeat/cron. This is within scope, but it means the agent will store and process per-person preferences and logs locally — a privacy consideration. The safety reference explicitly forbids secret research of the person, which is appropriate, but users should be aware these files will contain sensitive relationship data.
Install Mechanism
ok
No install spec or external downloads are present — instruction-only. This minimizes code/install risk because nothing is fetched or written by an installer in the skill bundle itself.
Credentials
ok
The skill declares no environment variables, binaries, or credentials. The only required accesses are to local OpenClaw workspace/config paths referenced in the instructions, which are proportional to the feature (journaling, network template, heartbeat cron).
Persistence & Privilege
note
always:false (normal). The skill expects the agent to be scheduled (cron/heartbeat) and to autonomously run exploration sessions — this is consistent with its purpose, but gives it the ability to run background sessions that create logs and consume model tokens. Users should review scheduling and token/budget impact and the files the agent will write.