Skill v1.0.1

ClawScan security

Clawket · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 27, 2026, 1:12 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (generate a QR containing the local Gateway host/port/token) — it's coherent — but it reads a local auth token and embeds/prints it, so be cautious about where that QR or output is sent or stored.
Guidance
This skill appears to do exactly what it says, but it will read your local OpenClaw auth token and embed it in a QR image (and print it to the terminal). Before installing/using it: 1) Confirm you want the token exported into ~/.openclaw/media/clawket-qr.png and possibly transmitted via chat/message; 2) Run the script locally yourself rather than giving a remote agent permission to run it, if you prefer tighter control; 3) Share the resulting QR only with the intended device/user and consider deleting the PNG afterward; 4) If the token is sensitive, consider rotating/revoking it after pairing or using an ephemeral pairing token if available; 5) If you plan to let the agent send the PNG on your behalf, understand that message logs or the agent's channels could store the token — only proceed if you trust the destination.

Review Dimensions

Purpose & Capability
ok
Name/description state: generate QR for Clawket pairing. The script reads ~/.openclaw/openclaw.json to extract gateway auth token and port, detects LAN IP, and produces a PNG + ASCII QR. These actions are expected and proportionate to the stated purpose.
Instruction Scope
note
SKILL.md instructs running the provided script which explicitly reads the raw auth token from ~/.openclaw/openclaw.json (bypassing any redaction) and instructs the agent to send the generated PNG via the message tool. This is necessary for pairing but means a secret token will be written to disk, printed to stdout, and potentially transmitted — the instructions do not require or instruct redaction.
Install Mechanism
ok
No external install/unpack occurs; the skill is instruction-only plus a local script. It depends on qrencode (standard package) and provides sensible installation hints. No downloads from untrusted URLs or archive extraction are present.
Credentials
note
No environment variables or unrelated credentials are requested. The script reads a local config file to retrieve a gateway auth token — this is expected for the task but is sensitive. The token is embedded in the QR and printed unredacted.
Persistence & Privilege
ok
always:false and no modifications to other skills or system-wide settings. The script writes output to ~/.openclaw/media (a local app directory), which is appropriate for its purpose and does not request elevated privileges.