Skill v1.0.0

ClawScan security

seithar-intel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:09 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions and requirements are internally consistent with a threat-intelligence feed/briefing agent; it requests no extra credentials or installs, but a few operational details are vague and worth confirming before use.
Guidance
This skill appears to do what it claims (a threat-intel feed and briefing assistant) and does not request extra credentials or installs — but before enabling it you should:

1) Confirm where briefings will be sent and what chat credentials (if any) the skill will use; ensure those tokens have only the necessary posting scope.
2) Decide whether you want the skill to fetch raw PoC pages or payloads; if not, ask it to avoid retrieving code blobs or binary attachments.
3) Consider whitelisting the feed list and limiting fetch frequency to avoid excessive network access.
4) If you care about retention/audit, ask how deduplication state is stored (in-memory vs persistent) and how long summaries are kept.
5) If you have policy concerns (sharing exploit code, regulated data), test in a controlled environment first.

If you want, I can produce a short checklist of safe configuration settings to apply before enabling the skill.

Review Dimensions

Purpose & Capability
ok: The SKILL.md describes a threat-intel / cognitive-security briefing agent and the runtime instructions (fetch RSS, parse, score, summarize, deliver briefings) match that purpose. No unrelated binaries, env vars, or install steps are requested.
Instruction Scope
note: Instructions are generally scoped to fetching public RSS feeds via the platform's web_fetch tool, deduplicating in memory, scoring with the LLM, and sending briefings. The skill explicitly says it will 'discover public proof-of-concept code for disclosed vulnerabilities' — which is coherent for threat research but means the agent may fetch exploit PoC pages or payloads. The SKILL.md does not specify safeguards (e.g., avoid downloading/executing binaries or attachments) or limits on what content to fetch, so there is some operational risk and ambiguity about handling potentially harmful content.
Install Mechanism
ok: This is instruction-only with no install spec and no code files, which minimizes disk persistence and install-time risk.
Credentials
note: The skill requests no environment variables or credentials in the registry metadata. However, it states it will deliver briefings via the operator's 'preferred chat app' and use OpenClaw's cron/heartbeat — the SKILL.md does not declare or document any required delivery credentials or scopes. This is explainable if it uses the agent's existing channel integrations, but it's a missing operational detail the operator should confirm (which chat endpoints will receive alerts, what credentials are used, and whether the skill will need extended posting permissions).
Persistence & Privilege
ok: always:false and no install means the skill does not request forced-permanent inclusion. The skill uses in-memory deduplication and relies on platform scheduling; autonomous invocation is allowed by default but not unusual for this kind of feed-checker. No evidence it modifies other skills or system-wide settings.