Skill v1.0.0
ClawScan security
skll-scan · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 9, 2026, 10:54 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, documentation, and runtime instructions are coherent with its stated purpose as a local static security scanner for OpenClaw Skills and do not request disproportionate privileges or secrets.
- Guidance: This skill appears to do what it says: local static scanning and domain checks. Before installing or using it: (1) review the script source yourself (it ships with code) to ensure it meets your policies; (2) avoid hardcoding API keys in the script—use a protected config (~/.skill-scan/config.json) with tight file permissions; (3) be careful enabling external threat-intel lookups for internal/private domains (you may leak sensitive hostnames to external services); (4) the cron example edits /etc/cron.d and /var/log, which requires elevated privileges—only set up system cron jobs if you understand the implications; (5) consider running initial scans in an isolated environment and verifying outputs before integrating into CI. Overall the package is coherent and low-risk if used with the normal precautions above.
Review Dimensions
- Purpose & Capability (ok): The name/description, SKILL.md, and scripts/skill-scan.py are aligned: the tool performs static pattern scanning, domain extraction, and (optional) threat-intel checks. There are no unexpected required binaries, environment variables, or unrelated capabilities requested.
- Instruction Scope (note): SKILL.md instructs running the included Python scanner against skill directories and provides CI and cron examples. This stays within the scanner's scope. Note: the cron example writes to /etc/cron.d and /var/log (system-level locations), which typically require elevated privileges; also, the docs encourage adding API keys to the script/config to enable external threat-intel lookups, which would cause domain data to be sent to third-party APIs if enabled.
- Install Mechanism (ok): No install spec is provided (instruction-only) and the shipped script is run by the user; this is the lower-risk option. No remote downloads or archive extraction are used by the skill itself.
- Credentials (note): The skill declares no required env vars or secrets. The documentation describes storing API keys in a config or inserting them into the script — acceptable for threat-intel integrations but carries the usual caution: do not hardcode secrets, prefer a secured config, and be mindful of sending internal/private domains to external services.
- Persistence & Privilege (ok): 'always' is false and the skill is user-invocable; it does not request persistent 'always' inclusion or modify other skills. The example for periodic auditing (cron) is user-controlled and not automatic.
