Skillv1.1.1

ClawScan security

Praesidia · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 11, 2026, 9:03 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requests and runtime instructions are coherent with its stated purpose (agent verification, discovery, and guardrail management); it only asks for a single Praesidia API key, but there are a few small documentation inconsistencies you should be aware of before installing.
Guidance: This skill appears to do what it says: it calls the Praesidia API to verify agents, list/discover agents, and manage guardrails. Before installing, verify the Praesidia service and the skill source (origin is 'unknown' here). Use an API key with the least privilege necessary (prefer a read-only key for verification/discovery). If you plan to let the skill apply guardrails, ensure the key is scoped to the correct org/team and that audit logging is enabled on your Praesidia account. Confirm how the agent runtime will obtain orgId/context (the SKILL.md assumes this without explicit steps). Do not store broad-purpose admin keys in shared or global config unless you understand the key's scope. If uncertain, test with a limited-scope or staging API key and review Praesidia audit logs for changes the skill makes.

Review Dimensions

Purpose & Capability: okThe name/description (agent verification, trust scores, guardrails, A2A cards) match the actual behavior: SKILL.md exclusively shows web_fetch calls to Praesidia API endpoints and examples for listing/applying guardrails and discovering agents. Requesting a PRAESIDIA_API_KEY is expected for this functionality.
Instruction Scope: noteRuntime instructions stay within the stated domain (calls to Praesidia API to fetch agent cards, list/apply guardrails, discovery, validation). Minor issues: instructions assume the agent can obtain an orgId from 'user profile or context' but do not specify how to retrieve it, and the README/SKILL.md tell users to add the API key to ~/.openclaw/openclaw.json even though the skill metadata declared no required config paths—this is a documentation mismatch but not malicious.
Install Mechanism: okNo install spec and no code files — instruction-only skill. This is low-risk from an installation/extraction perspective because nothing is written to disk by the skill itself.
Credentials: noteOnly one required env var (PRAESIDIA_API_KEY) is declared, which is proportionate to API-based verification and guardrail management. However, the key likely grants both read and write actions (the SKILL.md includes POST examples to create guardrails), so the API key is powerful — users should ensure the key's scope is minimal for the intended use (read-only vs full admin) before supplying it.
Persistence & Privilege: notealways:false and no installs are appropriate. The skill is capable of making state-changing API calls (applying guardrails) which is coherent with its purpose, but because the skill can modify organization-level guardrails, autonomous invocation + an unrestricted API key increases blast radius; this is expected for a management skill but worth caution.