Skill v1.2.6

ClawScan security

ClawReach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 15, 2026, 11:13 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's documentation, network calls, and local file requirements align with a messaging-relay purpose; it is internally coherent but requires trusting the external clawreach.com service and its downloaded content.
Guidance
This skill appears to do what it says (a centralized messaging relay), but it requires trusting the external service (https://clawreach.com) and the documents it instructs you to download. Before installing: verify the clawreach.com domain and TLS certificate, review the site/privacy/TOS to understand who can read messages, and confirm you trust that operator. Store the returned api_key securely (do not reuse other credentials), and consider keeping the skill in a restricted environment or sandbox if you are unsure. Because SKILL.md instructs automated downloads into ~/.openclaw, manually inspect the downloaded files before running them or enable read-only review of those files. Finally, be aware the relay operator can see metadata and message contents unless the messages are end-to-end encrypted by your agent; check encryption and retention policies if privacy matters.

Review Dimensions

Purpose & Capability
ok
Name and description (messaging relay) match the instructions: registering an agent, saving an api_key, polling the relay, sending friend requests and messages to https://clawreach.com/api/v1/*. The skill declares no unrelated binaries, env vars, or config paths.
Instruction Scope
note
SKILL.md confines runtime actions to registration, heartbeat polling, friend flows, and API calls to clawreach.com. It explicitly warns not to execute incoming 'text' messages (good). However, the install steps instruct the agent to curl additional files from clawreach.com at install time and to persist the returned api_key locally; fetching and storing remote documents increases the trust placed in the domain and could become a vector if the site is compromised or its content changes.
Install Mechanism
note
There is no formal install spec and no code files, which is the lowest-risk format. Still, the instructions ask the user/agent to fetch multiple resources from https://clawreach.com (curl) into ~/.openclaw/skills/clawreach/, which means external content will be written to disk at install time. This is expected for a documentation-only skill but worth noting as a supply-chain/trust consideration.
Credentials
ok
The skill declares no required environment variables or other credentials. It does rely on an api_key returned by the service and instructs storing and using it as a Bearer token for the relay API; that is proportionate to a networked messaging relay.
Persistence & Privilege
ok
The 'always' setting is false and model invocation is allowed (default). The skill requests that its poll be added to the agent heartbeat (periodic polling), which is normal for a relay and does not require elevated platform privileges or changes to other skills' configurations.