Skill v0.1.0

ClawScan security

Model Advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 10, 2026, 8:01 AM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requests and actions (reading OpenClaw config and session history to compute a security score and recommend models) match its description; it does access sensitive local files (session messages and gateway config), so inspect/approve before running.
Guidance
This skill appears to do what it says — it analyzes your OpenClaw config and recent session messages to score security and recommend models. However, it reads private files in ~/.openclaw (session messages and openclaw.json), which may contain sensitive data (conversation content, API keys or auth config). Before running or installing: (1) review the full scripts/advisor.js to confirm there are no network calls or unexpected behavior (the visible portion shows none, but the file was truncated in the listing), (2) consider running it in a restricted environment or with a copy of your OpenClaw data if you want to avoid exposing real conversations, and (3) if you do not trust the skill author, do not execute the script as your main user — inspect it line-by-line or sandbox it. If you need, ask for a full listing of advisor.js to verify there are no outbound network requests or telemetry.

Review Dimensions

Purpose & Capability
ok: The skill's name/description claim recommending models and computing an OpenClaw security score — the code reads ~/.openclaw/openclaw.json, models.json, and recent session files to produce recommendations and a security report. Those file reads are necessary for the stated features and therefore proportionate.
Instruction Scope
note: SKILL.md and advisor.js explicitly instruct and implement reading recent session messages (~5 sessions) and openclaw.json to analyze task types and compute security metrics. That is within the stated purpose, but it means the skill will access and analyze private user messages and local gateway configuration (which may contain sensitive fields). There are no instructions to send data to remote endpoints in the visible code.
Install Mechanism
ok: No install spec is provided (instruction-only skill) and the included script is intended to be executed locally with node. No remote downloads or extract/install steps are present, so nothing extra will be written to disk beyond running the packaged script.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths beyond those under the user's ~/.openclaw directory. The requested access (openclaw.json, models.json, sessions directory) is appropriate for its functionality.
Persistence & Privilege
ok: The always flag is false and the skill does not request permanent presence or modify other skills. It only reads local files and prints recommendations — no elevated platform privileges are requested.