Skill v0.1.1
ClawScan security
Agent Advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 8:03 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill does what it claims: it reads local OpenClaw config and session files to produce a model recommendation and a local security score — nothing in the files or instructions requests unrelated credentials or external network access.
- Guidance
- This skill reads your OpenClaw configuration and recent session files in your home directory (~/.openclaw/openclaw.json, models.json, and session .jsonl files) to compute a security score and recommend models. That behaviour matches its description, but note that the session files contain user messages, which may be sensitive. Before installing or running it: (1) inspect the full scripts/advisor.js yourself and search for any use of 'http', 'fetch', 'net' or 'child_process' to confirm there are no network or exfiltration calls; (2) back up or redact sensitive sessions you do not want analyzed; and (3) make sure you trust the source, since the script reads local chat contents. For extra caution, run the script in a restricted environment and review its output locally; it needs no additional credentials, so grant none.
Review Dimensions
- Purpose & Capability
- ok: The name/description (model recommendation + OpenClaw security analysis) matches the implementation: the script reads ~/.openclaw/openclaw.json, optional models.json, and recent session files to compute a security score and recommend Claude models. No unrelated services, binaries, or credentials are required.
- Instruction Scope
- ok: SKILL.md and the runtime script instruct the agent to run the local Node script, which reads local OpenClaw configuration and session history and prints results. The instructions reference only local OpenClaw paths and do not direct data to external endpoints or request unrelated system files. Note: reading session files means user messages are processed locally (privacy-sensitive but expected for the stated purpose).
- Install Mechanism
- ok: There is no install spec or external download. The skill is implemented as a local Node script and is intended to be run with the system's node binary; nothing is written to disk by an installer. This is a low-risk install footprint.
- Credentials
- note: No environment variables or credentials are requested, which is appropriate. The script does read files under the user's home directory (~/.openclaw/*), including sessions.json/.jsonl and openclaw.json; these contain user conversation text and configuration, are necessary for the feature, and are privacy-sensitive. The access is proportionate to the stated functionality.
- Persistence & Privilege
- ok: The skill does not request persistent/always-on privileges, does not modify other skills, and does not require system-wide changes. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
