Skill v4.4.7

ClawScan security

Skill Manager All In One | 一站式技能管理器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 30, 2026, 5:29 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only 'skill manager' whose requested actions and checks align with its stated purpose — it prescribes local checks, git/ClawHub/gh commands, and two-step confirmation before any publish/push — there are no unexplained credential or install demands.
Guidance
This skill is coherent and appears to do what it says: a checklist-driven skill publishing and audit workflow. Before using it, ensure you (a) have reviewed and understand the exact shell/git/clawhub/gh commands it will run, (b) only grant it permission to run publish/push/release commands after you explicitly confirm (the SKILL.md already enforces two-step confirmation), (c) confirm that your CLI credentials (clawhub, gh, git remotes) are correct and that no sensitive files will be moved unintentionally when following the 'move oversized files' guidance, and (d) if you want to limit risk, run its instructions in a read-only or sandboxed environment (inspect, list, and prepare commands first) and avoid giving it unattended autonomous execution rights. If you want higher assurance, ask the author for a short README that enumerates the exact commands the agent will execute when you confirm a publish/push, or run those commands manually yourself.
Findings
[static-scan-none] expected: No code files to scan; SKILL.md is instruction-only so the regex scanner had nothing to analyze. This absence of findings is expected for an instruction-only skill and does not imply safety.

Review Dimensions

Purpose & Capability
ok
Name/description match the contents: the SKILL.md is a detailed end-to-end publishing/audit workflow for creating, modifying, publishing, testing and promoting OpenClaw skills. All referenced operations (checking the local workspace, running clawhub, git, gh, file-size checks, changelogs, promotion templates) are expected for a skill manager.
Instruction Scope
ok
The instructions tell the agent to read local skill files, inspect directories under ~/.openclaw/workspace, run CLI checks (clawhub inspect/list, git status, du -sh), and prepare publish/promote commands. Those actions are within the stated scope. The doc explicitly enforces a two-step confirmation and forbids executing publish/push/release/promote operations without explicit user confirmation.
Install Mechanism
ok
This is instruction-only with no install spec and no code files, so nothing is written or downloaded. That is the lowest-risk install model and consistent with the skill's purpose.
Credentials
ok
No environment variables, credentials, or config paths are declared as required. The SKILL.md expects use of existing tools (clawhub, git, gh) and local paths (~/.openclaw/*), which is proportional to a publishing/audit tool. It does not demand unrelated secrets; it sensibly references logins and CLI presence but requires explicit user confirmation before performing credentialed actions.
Persistence & Privilege
ok
The 'always' flag is false and the skill does not request persistent system presence or modify other skills' configs. It instructs actions that may alter remote repositories or publish a skill, but only after the mandatory second-step user confirmation, which is appropriate for its role.