Skill v1.1.0
ClawScan security
New Openclaw Docs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 5:29 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's scripts and workflow match a docs-fetch/search tool, but the package metadata omits environment requirements and a crucial sourced file (.openclawdocs-env.sh) is missing — this mismatch and the presence of secret placeholders in snippets are inconsistent and worth caution.
- Guidance: This skill appears to implement a docs fetch/search tool, but before installing or running it you should: (1) Inspect the missing .openclawdocs-env.sh (or ask the author for it). That file likely defines defaults and helper functions — it must be reviewed for any unexpected network calls or commands. (2) Ensure the skill's required environment variables (OPENCLAW_DOCS_CACHE_DIR, OPENCLAW_DOCS_TTL, OPENCLAW_DOCS_BASE_URL) are set to safe values and that the cache directory is confined to a workspace area you control. (3) Do not paste real service tokens into example snippets; the snippets contain placeholders like ${DISCORD_TOKEN}/${TELEGRAM_TOKEN}. (4) Run scripts initially in a restricted environment (no sensitive mounts, limited network) and run scripts/check_env.sh to confirm behavior. If the package author can provide the missing .openclawdocs-env.sh and update the registry metadata to declare the env vars the skill actually needs, this assessment could move toward benign.
Review Dimensions
- Purpose & Capability [concern]: The skill claims to provide cached doc fetch/search and routing, and the included scripts implement those features. However, the scripts rely on environment variables (OPENCLAW_DOCS_CACHE_DIR, OPENCLAW_DOCS_TTL, OPENCLAW_DOCS_BASE_URL) and helper functions (openclawdocs_download, openclawdocs_cache_path, openclawdocs_list_cache, openclawdocs_cache_cleanup) defined in a sourced file (.openclawdocs-env.sh) which is not included in the bundle. The registry metadata declares no required env vars or credentials, which is inconsistent with the scripts' runtime needs.
- Instruction Scope [concern]: SKILL.md directs the agent to run workspace scripts that will read/write a local cache and download pages from the docs base URL. The scripts only call expected local tools (curl/wget, grep, find, stat) and fetch from docs.openclaw.ai, not arbitrary external endpoints. However, because they source an external env file (missing here) the actual runtime behavior depends on that file; that creates uncertainty about what additional commands or endpoints might be invoked.
- Install Mechanism [ok]: No install spec is provided and the package is instruction/scripts-only. Nothing in the manifest attempts to download or run third-party installers. The only external dependency called out is an optional 'qmd' package for advanced indexing (not installed by the skill).
- Credentials [concern]: The skill metadata declares no required environment variables or credentials, yet scripts clearly depend on OPENCLAW_DOCS_CACHE_DIR, OPENCLAW_DOCS_TTL, and OPENCLAW_DOCS_BASE_URL. Additionally, snippets/common-configs.md contains placeholders like ${DISCORD_TOKEN} and ${TELEGRAM_TOKEN}; while these are likely example placeholders, their presence means users might be prompted to provide secrets in configs. The mismatch between declared and actual environment needs is disproportionate and should be clarified.
- Persistence & Privilege [ok]: The skill does not request always:true and does not modify other skills or system-wide configuration. Its scripts only manage a local cache directory and snapshot files under that cache. The operations (rm -rf on cache refresh, creating snapshot dir) are limited to the skill's own cache area.
