Skill v1.0.2

ClawScan security

ClawHub Plugin Packager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 16, 2026, 3:48 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements, templates, and runtime instructions are coherent with its stated purpose as a plugin packager and contain no disproportionate privileges or hidden install steps.
Guidance
This skill appears to do what it says: generate, repair, or audit OpenClaw/ClawHub native plugin packages using the included templates. Before using it, consider: (1) The skill will inspect any plugin files or drafts you supply — do not pass real secrets or production API keys as part of inputs. (2) Generated provider/channel plugin manifests may document env vars (placeholders); verify and never let the packager embed actual credentials into the produced zip. (3) Always open and review the produced plugin zip and the separate critique file before publishing the plugin to ensure no sensitive data was accidentally included and that the inferred assumptions match your intent. (4) The skill cannot run autonomously (disable-model-invocation: true), so invocation is under your control.

Review Dimensions

Purpose & Capability
ok
The name/description match the actual content: an instruction-only packager for OpenClaw/ClawHub native plugins. The files are templates, examples, and detailed runtime instructions for generating, repairing, auditing, and packaging plugins. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
ok
SKILL.md instructs the agent to inspect provided inputs, infer missing pieces, repair inconsistencies, and output one plugin zip plus a separate critique file; this falls within the stated purpose. The instructions explicitly emphasize keeping critique separate and documenting inferences and repairs. The skill does direct reading of user-supplied plugin artifacts (manifests, code fragments, folders), which is expected for a packager and is proportionate.
Install Mechanism
ok
No install spec is present (instruction-only), so nothing is downloaded or written by an installer. The package includes local template files only; no remote URLs or archive extraction are used during install.
Credentials
ok
The skill does not request environment variables, credentials, or config paths. Example provider/channel specs and generated plugin manifests may reference environment variables (e.g., API keys) for the plugins they produce, but the skill itself does not require or collect secrets — this is appropriate and proportionate.
Persistence & Privilege
ok
The skill is not marked always:true and is user-invocable. Notably, disable-model-invocation is true, so it cannot be autonomously invoked by the model — reducing runtime blast radius. The skill does not request persistent system-wide changes or modify other skills' configs.