Skill v1.1.0

ClawScan security

Agent Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 5:48 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, runtime instructions, and small helper scripts are coherent with its stated purpose of scaffolding OpenClaw agent workspaces and include reasonable guardrails.
Guidance
This skill appears to do what it says: scaffold an OpenClaw agent workspace and validate it. Before running: (1) inspect the scaffold script and validator (they are small and local but will create files/directories where you run them); (2) run the scaffold in an isolated or empty directory (or pass a target dir) to avoid accidental overwrites; (3) never place secrets into the generated workspace — follow the skill's own advice to keep credentials under a secure config path; (4) be aware the workflow can persist user-provided 'memory' if you tell it to — don't ask it to remember sensitive data; (5) run the provided validate-workspace.py to confirm guardrails are present. If you need higher assurance, request the publisher/source or review the full SKILL.md and scripts line-by-line before installing.

Review Dimensions

Purpose & Capability
ok: Name/description match the provided artifacts: SKILL.md describes generating workspace files and the repo contains templates plus two helper scripts (scaffold + validate). There are no unrelated credentials, binaries, or external services requested.
Instruction Scope
note: SKILL.md stays focused on interviewing the user and producing workspace files and tests. It does instruct persistence of user-confirmed 'memory' (e.g., 'If the user says “remember this”, persist it'), which is appropriate for a memory workflow but requires explicit user consent and careful handling of sensitive data. Otherwise, instructions do not ask the agent to read unrelated system files or exfiltrate data.
Install Mechanism
ok: No install spec is provided (instruction-only). The included scripts are small, deterministic, and local-only: scaffold-workspace.sh writes files into a target directory; validate-workspace.py runs static checks. No network downloads or remote code execution are present.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. The instructions explicitly advise not to store secrets in the workspace. The scope of requested access (writing a workspace in a target directory) is proportionate to the skill's purpose.
Persistence & Privilege
ok: Skill is not marked always:true and uses normal autonomous invocation defaults. It does write files to the filesystem when scaffolding a workspace, which is expected behavior for a scaffold utility and is limited to the specified target directory.