Skill v1.0.4
ClawScan security
Claw-lint · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 13, 2026, 9:56 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose (a local, static scanner for OpenClaw skills); it does not request secrets or install remote code, but the SKILL.md and the included script do require standard Unix tooling that the registry metadata did not list.
- Guidance
- This skill appears to be what it says: a local static linter for OpenClaw skills. Before installing or running it, consider: 1) Ensure you have the required standard Unix tools (bash, find, grep, awk, sha256sum, stat, base64, tr, readlink, mktemp); the registry metadata omits these but the script will fail without them. 2) Review the bundled bin/claw-lint.sh (already included) if you have extra caution — it runs locally and does not make network requests, but it will read files under your ~/.openclaw skill directories and may flag sensitive material found there. 3) Run it on a test environment first (or with --skill <name>) to inspect outputs and false positives before integrating in CI. 4) If you require guarantees about symlink handling or whether targets outside the skill directories are scanned, verify behavior in your environment (the script detects symlinks but does not explicitly follow them when enumerating files). Overall this is coherent for a pre-execution scanner; no obvious malicious behavior was found.
Review Dimensions
- Purpose & Capability
- note: Name/description (security linter for OpenClaw skills) match the included behavior: the bundled shell script statically scans ~/.openclaw/workspace/skills and ~/.openclaw/skills, computes hashes, and emits text/JSON. Minor metadata inconsistency: registry 'Required binaries' is empty but the SKILL.md and script explicitly require a set of standard Unix tools (bash, find, grep, awk, sha256sum, stat, base64, tr, readlink, mktemp, etc.). That is not a functional red flag but should be corrected for accuracy.
- Instruction Scope
- ok: The SKILL.md and bin/claw-lint.sh confine actions to static analysis of skill directories and local files (no network calls, no external endpoints). The script searches for patterns like hardcoded keys, remote-exec idioms, and persistence indicators and may compute SHA256 hashes when requested. It does not attempt to read system-wide configuration beyond scanning the listed skill directories; it detects but does not follow symlinks by default. Behavior stays within the described purpose.
- Install Mechanism
- ok: No install spec — the skill is instruction-only with a bundled shell script. No remote downloads or extract/install steps are present in the package. The included code is self-contained and executed locally.
- Credentials
- ok: The skill declares no required environment variables or credentials, and the code does not attempt to access external secrets stores. It does look for patterns that indicate hardcoded secrets inside scanned skills (e.g., AWS keys, private key headers) and flags them, which is appropriate for its scanning role.
- Persistence & Privilege
- ok: The skill does not request permanent 'always' inclusion or modify other skills' configs. It can be invoked by the agent (normal), but has no elevated persistence or privilege demands.
