Skill v0.1.2

ClawScan security

openclaw-gitcode-pr-monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 15, 2026, 11:11 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior (monitoring GitCode PRs, running an OpenClaw agent, posting comments, sending DingTalk/WeCom notifications) matches its description, but the package metadata omits several required credentials, binaries, and config paths the scripts actually need.
Guidance
This package looks like a legitimate GitCode PR monitor and reviewer, but the published metadata is incomplete. Before installing or running it:
- Verify you have an official OpenClaw CLI binary and confirm the OPENCLAW_CMD used by the scripts points to a trusted binary. The scripts call openclaw message send and openclaw agent, which will transmit content externally.
- Provide and protect the GitCode token: the scripts expect $HOME/.openclaw/workspace/data/gitcode-token.txt. Ensure this file is readable only by the intended user (chmod 600) and stored in a secure workspace.
- Confirm you want automatic posting of comments and notifications. submit-pr-comment.sh will post the full generated report as a PR comment using your GitCode token.
- Ensure required helper binaries are present (curl, jq). The metadata doesn't declare them.
- Inspect ~/.openclaw/openclaw.json and your OpenClaw messaging channel configurations so the TARGET_WECOM/TARGET_DINGTALK bindings do what you expect and do not leak reports to unintended recipients.
- Because the metadata omitted required credentials/config paths and required binaries, treat this package as 'suspicious' until you confirm and secure the above items.
If you need higher assurance, request that the publisher update the skill metadata to declare required env vars, credentials, and binaries (GitCode token, openclaw CLI, notification targets) and document the expected network endpoints.

Review Dimensions

Purpose & Capability
Concern: The scripts implement a GitCode PR monitor + reviewer and use the GitCode API, OpenClaw CLI, and notification channels (DingTalk/WeCom), which fits the stated purpose, but the registry metadata lists no required env vars, credentials, or binaries. In practice the skill expects: a GitCode token file ($HOME/.openclaw/workspace/data/gitcode-token.txt), an OpenClaw CLI binary (OPENCLAW_CMD or openclaw in PATH), curl and jq, and notification targets (TARGET_DINGTALK / TARGET_WECOM). Those were not declared in the skill metadata and should have been.
Instruction Scope
Note: The SKILL.md and scripts stay within the described purpose: polling GitCode APIs, invoking an OpenClaw agent to produce a Markdown report, posting comments to GitCode, and sending notifications. The instructions reference concrete files/paths (workspace data, logs, lockfiles, ~/.openclaw/openclaw.json for the WeCom channel) and call external endpoints (gitcode.com and OpenClaw messaging). Nothing in the scripts asks for unrelated host data, but they do assume access to workspace files and the local openclaw CLI.
Install Mechanism
OK: No install spec or remote downloads are present; the package is script-based and writes nothing during 'install'. Risk is limited to the runtime behavior of the scripts rather than an installer fetching arbitrary code.
Credentials
Concern: The scripts require a GitCode PRIVATE-TOKEN (stored in a file) and notification target env vars, and they expect a wecom-app channel configuration in ~/.openclaw/openclaw.json. The registry metadata listed none of these credentials or config paths. Requiring a GitCode token is reasonable for the purpose, but the omission in the metadata is an incoherence and increases the chance the user will miss that a sensitive secret must be supplied and protected.
Persistence & Privilege
OK: The skill does not request 'always: true' and does not modify other skills or system-wide agent settings. It writes state, logs, and reports under the OpenClaw workspace (normal for a monitor) and uses /tmp lockfiles; these are expected for a cron-run monitor.