Skill v1.1.1
ClawScan security
OCC for OpenClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 7:41 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's claims, required tools, and runtime instructions are coherent for an OpenClaw plugin that installs an npm package and optionally self-hosts a Cloudflare notary; the main risks are normal (installing a global npm package and sending compact proof metadata to a remote notary) rather than evidence of misdirection.
- Guidance: This skill appears to do what it says, but take normal precautions before installing: 1) Review the npm package source (the SKILL.md links to the GitHub repo) before running `npm install -g` — global npm installs run code on your machine. 2) If you care about privacy, use "mode": "stub" (local-only) or self-host a notary; the default uses a third-party workers.dev notary that will receive compact proof metadata (tool name, timestamp, hash, counter). 3) Note the small metadata mismatch: registry metadata said no required binaries, but the SKILL.md lists npm, npx, curl, and wrangler — make sure those tools are acceptable in your environment. 4) If you will deploy the Cloudflare Worker, ensure you understand and secure your Cloudflare account and KV namespace. 5) Prefer verifying signatures/offline verification of saved public keys before trusting remote proofs.
Review Dimensions
- Purpose & Capability (ok): The skill is described as an OpenClaw plugin that commits OCC proofs; the SKILL.md instructs installing the npm package (openclaw-occ), configuring ~/.openclaw/workspace/occ.json, and optionally deploying a Cloudflare Worker notary. Those requirements are consistent with a plugin that records and posts proofs to notaries. Note: registry metadata listed no required binaries, but SKILL.md lists npm, npx, curl, and wrangler as required — this is a minor metadata mismatch but not a functional inconsistency.
- Instruction Scope (ok): The instructions stay within the plugin's stated scope: install the npm package, create the occ.json config, optionally deploy a Cloudflare Worker, and run verification commands (npx occ-verify, occ audit). The SKILL.md does not instruct reading unrelated system files or harvesting credentials. It does, however, instruct making network calls to the configured notary endpoints (default remote or user-supplied).
- Install Mechanism (note): This is an instruction-only skill (no install spec), but it tells users to run `npm install -g openclaw-occ` and to use npx/wrangler for deployment. Installing a global npm package will download and install code from the npm registry, which is normal for this use-case but carries typical supply-chain and execution risks — the SKILL.md points to source and docs, which helps auditing.
- Credentials (ok): No environment variables or unrelated credentials are requested by the skill. The only additional credentials implied are for self-hosting (a Cloudflare account and authenticated wrangler) if the user chooses that path, which is expected and proportional to the self-hosting option. The default remote notary receives compact proof metadata (tool name, timestamp, hash, counter) per the documentation.
- Persistence & Privilege (ok): The skill is not always-enabled and is user-invocable. It does not request system-wide persistent privileges beyond installing a plugin package (global npm) and writing files under ~/.openclaw/workspace/, which is consistent with its purpose.
