Skill v1.0.0
ClawScan security
Platform Healthcheck · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Feb 19, 2026, 8:40 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (periodically checking many APIs) but quietly reads other skills' config files in your home directory and probes local endpoints without declaring that access. This mismatch is surprising and worth reviewing before installing.
- Guidance: Summary and recommended actions:
  - What it will do: the skill runs a bundled Python script that requests every URL in data/platforms.json, optionally makes auth requests using API keys it finds in local config files, and saves results to data/history.json.
  - Why this is surprising: the skill's metadata declares no credentials or config-path requirements, yet platforms.json points to per-skill config files under ~/.clawdbot/skills/... and the script reads those files to extract API keys. It also probes local endpoints (127.0.0.1), which can reveal whether local services are running.
  - Risks: the script will access secret-containing config files in your home directory (read-only) and then include those tokens in outbound auth requests to the corresponding services. It does not appear to exfiltrate tokens to a third party, but it has access to secrets and will perform network requests using them. Probing local services can reveal internal state.
  - Before installing, consider:
    - Inspect data/platforms.json and remove or edit any entries whose auth_config points to config files you don't want read.
    - Inspect the code (scripts/healthcheck.py) yourself (it is bundled) and confirm the behavior is acceptable.
    - Run the script in an isolated account/container or with a restricted home directory if you want to avoid letting it read existing skill configs.
    - If you only want external checks, remove local entries (e.g., 127.0.0.1) and entries with auth_config fields.
  - If you are comfortable, the skill is coherent with a healthcheck purpose, but you should explicitly accept that it will read local config files and make auth requests using any found tokens.

  If you want, I can produce a minimal platforms.json that removes auth_config/local items, or show the exact lines in the script that read config files and perform auth requests so you can audit them further.
Review Dimensions
- Purpose & Capability (note)
  - Name/description match the code: the script checks availability, response time, auth, SSL and Cloudflare for ~20 platforms listed in data/platforms.json. However, platforms.json includes auth_config paths pointing at per-skill config files under ~/.clawdbot/skills/ which the skill did not declare as required; reading other skills' configs is plausible for auth-checking but should have been declared.
- Instruction Scope (concern)
  - SKILL.md simply runs the bundled Python script. The script loads data/platforms.json and data/history.json, reads config files from paths like ~/.clawdbot/skills/<skill>/config.json to extract API keys, performs HTTP(S) requests (including POST bodies) to every listed URL, probes local endpoints (127.0.0.1) and writes history.json. It does not transmit config file contents elsewhere, but it will use any discovered tokens when making auth requests. The script therefore accesses local credential files and local services beyond a simple external 'ping', and this scope was not explicitly declared in the metadata.
- Install Mechanism (ok)
  - No install spec or remote downloads; this is an instruction-only skill with a bundled Python script. The only required binary is python3, so the install surface is low-risk from a supply-chain perspective.
- Credentials (concern)
  - The skill declares no required env vars or credentials but will read files under the user's home directory (expanded paths like ~/.clawdbot/skills/.../config.json) to retrieve API keys for auth checks. Requesting access to other skills' config files is proportionate to performing auth checks, but the metadata should have disclosed that it reads local config paths and therefore may access secrets stored there.
- Persistence & Privilege (ok)
  - always:false (not force-included). The script writes history.json inside its data directory and keeps at most 500 entries. It does not modify other skills' configs or global agent settings. Autonomous invocation is enabled (platform default) but is not combined with other severe red flags.
