Skill v1.0.0

ClawScan security

Skill Audit Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 26, 2026, 1:26 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions are consistent with an on-agent security scanner that enumerates installed skills and builds reports for configured channels; it requests no external credentials and does not embed network exfiltration behavior, though the source is unknown and a few minor claims in the docs don't match the shipped code.
Guidance
This skill appears to be what it says: a local static scanner that enumerates installed skills and prints a report intended to be delivered to the agent's configured channels. Before installing, consider: 1) Source provenance: the package has no homepage and an unknown owner; prefer skills from known sources. 2) Review the contents of ~/.openclaw/agents/.../sessions.json and ~/.openclaw/openclaw.json (or inspect the code paths) to confirm that no sensitive tokens would be exposed by the discovery heuristics. The scripts only read channel metadata (channel/to) and do not post externally themselves, but any channel data they print may appear in the report output. 3) If you want scheduled scans, verify how your OpenClaw deployment schedules skills; the package itself does not create cron jobs. 4) If you have strict secrecy requirements, run the scanner in a restricted/test environment first, or review and execute the code manually. If anything in the package is unclear, ask the publisher for source verification or a signed release before enabling autonomous runs.
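As an added check for Guidance item 2 (and the Credentials note below), the following Python script is example code written for this page; it is not part of ClawHub's scanner or the audited skill. It walks an OpenClaw session/config JSON, lists the channel/to leaves a channel-discovery heuristic would pick up, and flags any values that look like credentials, so you can see what a printed report could expose before enabling autonomous runs. The JSON layout of the constructed sample, the key names, and the secret-matching patterns are assumptions; point inspect_files at your real ~/.openclaw files to check your own deployment.

```python
"""Added example, not part of ClawHub's scanner or the audited skill.
Pre-install check for Guidance item 2: list the channel/to fields a
channel-discovery heuristic would read from OpenClaw session/config JSON,
and flag any values that look like credentials so you know what a printed
report could expose. Key names and patterns below are assumptions."""
import json
import re
from pathlib import Path

# Fields the review says the skill reads to find report destinations.
CHANNEL_KEYS = {"channel", "to"}
# Heuristics (assumed, adjust to taste): secret-looking key names and
# value shapes such as Slack bot tokens, OpenAI keys, GitHub PATs, bearer
# strings, or any long opaque alphanumeric blob.
SECRET_KEY_RE = re.compile(r"token|secret|api[_-]?key|password|bearer|credential", re.I)
SECRET_VALUE_RE = re.compile(r"^(xox[abp]-|sk-|ghp_|Bearer\s)|^[A-Za-z0-9_\-]{32,}$")


def _walk(node, path=()):
    """Yield (dotted_path, leaf_value) for every scalar in a JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, path + (str(key),))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, path + (f"[{i}]",))
    else:
        yield ".".join(path), node


def inspect_config(doc):
    """Return {'channels': [...], 'secrets': [...]} as (path, value) pairs.

    'channels' is what a channel-discovery heuristic would surface (and so
    might print); 'secrets' are leaves whose key name or value looks like a
    credential and therefore should never end up in a report.
    """
    channels, secrets = [], []
    for path, value in _walk(doc):
        key = path.rsplit(".", 1)[-1]
        if key in CHANNEL_KEYS:
            channels.append((path, value))
        if isinstance(value, str) and (
            SECRET_KEY_RE.search(key) or SECRET_VALUE_RE.search(value)
        ):
            secrets.append((path, value))
    return {"channels": channels, "secrets": secrets}


def inspect_files(paths):
    """Run inspect_config over each readable JSON file; missing files are
    skipped, malformed JSON is reported as an error entry."""
    results = {}
    for raw in paths:
        p = Path(raw).expanduser()
        if not p.is_file():
            continue
        try:
            results[str(p)] = inspect_config(json.loads(p.read_text()))
        except (OSError, json.JSONDecodeError) as exc:
            results[str(p)] = {"error": str(exc)}
    return results


def redact(value, keep=4):
    """Show only a short prefix so findings can be pasted into a ticket."""
    return value[:keep] + "*" * 4


# Constructed sample standing in for a sessions.json; not a real OpenClaw file.
SAMPLE_SESSIONS = {
    "sessions": [
        {"id": "s-1", "channel": "slack", "to": "#security-alerts",
         "auth": {"token": "xoxb-000000000000-constructed-example"}},
        {"id": "s-2", "channel": "telegram", "to": "12345678"},
    ]
}

if __name__ == "__main__":
    # Dry run on the constructed sample, then on the real config if present.
    # Add your per-agent sessions.json paths to the list for your deployment.
    runs = [("sample", inspect_config(SAMPLE_SESSIONS))]
    runs += list(inspect_files(["~/.openclaw/openclaw.json"]).items())
    for label, findings in runs:
        print(f"== {label}")
        for path, value in findings.get("channels", []):
            print(f"  channel field {path} = {value!r}")
        for path, value in findings.get("secrets", []):
            print(f"  SECRET-LIKE  {path} = {redact(value)}  (would leak if printed)")
```

If the script reports a secret-like leaf sitting next to a channel or to field, assume a naive discovery heuristic could print it alongside the channel name, and either scrub that file or run the skill in a test profile first.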

Review Dimensions

Purpose & Capability
ok: The name/description (skill scanner that reports to configured channels) matches the included scripts: skill_audit.py performs static regex-based scans, and scan_and_report.py enumerates installed skills and discovers configured channels to build a report. The files it reads (skill directories, OpenClaw session/config files) are reasonable for a tool that needs to find skills and where to send reports.
Instruction Scope
note: SKILL.md and the code limit actions to reading installed skill files and OpenClaw session/config JSONs and printing a report. That scope aligns with the stated purpose. Note that the tool reads ~/.openclaw agent/session data and openclaw.json to discover channels; this is expected for delivering reports, but it means the scanner accesses agent session/config data (channel names and to fields). The README claim that installation "automatically creates every-24-hour tasks" is not implemented in the provided scripts (the scripts only generate a report when run).
Install Mechanism
ok: No external install/downloads or unusual install hooks are present; the skill is distributed as source Python scripts and a SKILL.md. No network downloads, archive extraction, or brew/npm installs are present in the package.
Credentials
note: The skill declares no required env vars or credentials, and the code does not request API keys. It does read local OpenClaw session/config files to discover active channels, which is reasonable for its purpose, but be aware that it reads per-user config files under the home directory (it does not attempt to read arbitrary system secrets or environment variables).
Persistence & Privilege
ok: The always flag is false, and the skill does not request to modify other skills or global agent settings. The SKILL.md promises automatic scheduling, but no code in the package actually registers a cron job; periodic execution presumably relies on platform support. Autonomous invocation (disable-model-invocation=false) is normal for skills and not, by itself, concerning here.