Skill v0.3.0
ClawScan security
YouAM · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 24, 2026, 5:51 PM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are consistent with a messaging client: it expects a 'uam' CLI, offers a Python plugin interface, generates and reads agent keys on disk, and communicates with UAM relays. Two points are worth verifying before install: the provenance of the install mechanism, and a small mismatch between the declared install and the Python plugin shown in the SKILL.md.
- Guidance: This skill appears to be what it says: a client for the Universal Agent Messaging protocol. Before installing, consider:
  1. Verify the installer's provenance. The install uses a 'uv' package named 'youam', but the bundle includes no URLs or code to inspect. By default uv resolves packages from PyPI, and an index URL configured on the host can redirect it, so confirm which index uv will pull from and that the 'youam' package there is published by the official project (docs.youam.network).
  2. Expect local key material to be created and read from disk when you run 'uam init' or when the plugin auto-detects keys. Make sure you are comfortable with keys being stored on the host, and review where they will be written if possible.
  3. The skill communicates over network relays and will share a signed contact card (address, public key, relay URL) with peers; treat it like any other network messaging client.
  4. The SKILL.md references a Python plugin module (uam.plugin.openclaw); confirm that the installed package actually provides that module if you plan to use the native channel.
  For higher assurance, obtain the package from the project's official release page, inspect its contents before installation, or run it in an isolated environment.
Review Dimensions
- Purpose & Capability (ok): Name/description (UAM messaging) aligns with what the skill asks for: a 'uam' CLI and a native plugin API for sending and receiving messages. The install declares a package that produces the 'uam' binary, which matches the CLI usage. Minor note: the SKILL.md imports a Python module (uam.plugin.openclaw), while the install only declares creation of the 'uam' binary and no Python package. This is legitimate if the package provides both the CLI and the module, but it is a mismatch to confirm.
- Instruction Scope (note): Instructions are narrowly scoped to messaging operations (init, send, inbox, contacts, block, verify-domain) and to using the provided Python channel. They do instruct the user or agent to initialize, which generates or reads persistent encryption keys on disk, and to auto-detect existing keys and the hostname, so the skill will read and write local key files. The skill also communicates with external relays, as expected for a messaging client. No instructions ask the agent to read unrelated system files or external credentials.
- Install Mechanism (note): An install spec exists (kind: 'uv', package: 'youam') that creates the 'uam' binary. The spec gives no URL or release host, and the bundle contains no code files to inspect, so provenance cannot be established from the bundle alone. uv resolves packages from PyPI by default, but host configuration can point it at another index; verify which index it will pull from, and inspect the downloaded artifact, before installing.
- Credentials (ok): The skill requests no environment variables or external credentials, which is proportional. It does create and use local encryption keys and exposes a contact card (address, public key, relay URL). Both are expected for a messaging client, but the keys persist on disk and the card is shared with peers, so users should be aware of that data flow.
- Persistence & Privilege (ok): The skill is not forced-always-present and can be invoked by the user. It will create and read its own keys on disk (normal for a messaging agent) but does not request system-wide config changes or other skills' credentials.
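As an added example of the pre-install inspection that the Guidance and the Install Mechanism and Purpose dimensions call for (this is not the scanner's output and not YouAM's own code), the script below takes a wheel's bytes and checks the four things a reviewer would want settled before letting uv install it: that the distribution declares the `uam` console script, that it ships the `uam.plugin.openclaw` module the SKILL.md imports, that it contains no `.pth` startup hooks, and that the hashes in its RECORD match the files actually in the archive. The wheel it builds is constructed for illustration; the real `youam` package's layout, module paths and entry point target are assumptions. One way to obtain the real artifact without installing it is `pip download youam --no-deps -d dist/`, after which the wheel's bytes can be passed to `inspect_wheel`.

```python
"""Offline pre-install inspection of a Python wheel, along the lines the
scan guidance recommends: check the declared console script, the module
the SKILL.md imports, startup hooks (.pth files) and RECORD integrity."""
import base64
import configparser
import csv
import hashlib
import io
import zipfile

EXPECTED_SCRIPT = "uam"                  # binary the install spec says it creates
EXPECTED_MODULE = "uam.plugin.openclaw"  # module the SKILL.md imports


def record_hash(data: bytes) -> str:
    """Hash in the form RECORD uses: 'sha256=' + URL-safe base64, no '=' padding."""
    digest = hashlib.sha256(data).digest()
    return "sha256=" + base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_sample_wheel(tamper: bool = False) -> bytes:
    """Constructed sample wheel (assumed layout for a 'youam' release, not the
    real artifact). With tamper=True one module is altered after RECORD was
    written, so its hash no longer matches."""
    files = {
        "uam/__init__.py": b"",
        "uam/cli.py": b"def main():\n    print('uam cli')\n",
        "uam/plugin/__init__.py": b"",
        "uam/plugin/openclaw.py": b"class OpenClawChannel:\n    pass\n",
        "youam-0.3.0.dist-info/entry_points.txt":
            b"[console_scripts]\nuam = uam.cli:main\n",
    }
    record = [f"{path},{record_hash(data)},{len(data)}" for path, data in files.items()]
    record.append("youam-0.3.0.dist-info/RECORD,,")  # RECORD lists itself without a hash
    files["youam-0.3.0.dist-info/RECORD"] = ("\n".join(record) + "\n").encode()
    if tamper:
        files["uam/plugin/openclaw.py"] = b"import os\nos.system('id')\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


def inspect_wheel(wheel_bytes: bytes, script: str = EXPECTED_SCRIPT,
                  module: str = EXPECTED_MODULE) -> dict:
    """Return the findings a reviewer wants before letting 'uv' install this wheel."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        contents = {name: zf.read(name) for name in zf.namelist()}
    dist_info = next((n.split("/")[0] for n in contents
                      if n.split("/")[0].endswith(".dist-info")), None)

    # 1. Does the distribution really declare the console script the install spec promises?
    scripts = {}
    ep_path = f"{dist_info}/entry_points.txt"
    if ep_path in contents:
        cp = configparser.ConfigParser(interpolation=None)
        cp.read_string(contents[ep_path].decode())
        if cp.has_section("console_scripts"):
            scripts = dict(cp.items("console_scripts"))

    # 2. Does it ship the module the SKILL.md imports (package dir or single file)?
    rel = module.replace(".", "/")
    module_present = f"{rel}.py" in contents or f"{rel}/__init__.py" in contents

    # 3. .pth files land in site-packages and are processed at every interpreter
    #    start (lines beginning with 'import' are executed); a messaging client
    #    has no reason to ship one.
    pth_files = sorted(n for n in contents if n.endswith(".pth"))

    # 4. Verify every hashed RECORD entry against the bytes actually in the zip.
    mismatches = []
    record_path = f"{dist_info}/RECORD"
    if record_path in contents:
        for row in csv.reader(io.StringIO(contents[record_path].decode())):
            if len(row) < 2 or not row[1] or row[0] not in contents:
                continue  # RECORD's own entry has no hash; skip unhashed rows
            if record_hash(contents[row[0]]) != row[1]:
                mismatches.append(row[0])
    else:
        mismatches.append("(RECORD missing)")

    return {
        "console_scripts": scripts,
        "declares_script": script in scripts,
        "module_present": module_present,
        "pth_files": pth_files,
        "record_mismatches": mismatches,
    }


def passes_checks(report: dict) -> bool:
    """True only when all four checks come back clean."""
    return bool(report["declares_script"] and report["module_present"]
                and not report["pth_files"] and not report["record_mismatches"])


if __name__ == "__main__":
    for label, wheel in (("clean", build_sample_wheel()),
                         ("tampered", build_sample_wheel(tamper=True))):
        rep = inspect_wheel(wheel)
        print(label, "OK" if passes_checks(rep) else "FAIL", rep)
```

A RECORD mismatch only proves the archive is internally inconsistent, not that it is malicious, and a clean RECORD proves nothing about who built the wheel; combine this with checking the index uv resolves from and the project's own release page, as the Guidance says.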
