Skill v1.2.6
ClawScan security
SolidPod-Data · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 30, 2026, 9:21 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, declared requirements, and runtime instructions are consistent with a SOLID Pod management tool; the requested Node binary and SOLID OIDC env vars are proportionate to its purpose, with a few minor implementation notes to verify before installing.
- Guidance: This skill appears to do what it says: it needs Node and SOLID OIDC client credentials so it can act on your Pod. Before installing, consider:
  1. Only provide credentials you trust this skill with; the SOLID_OIDC_KEY is effectively a secret that allows the skill to act as the registered client.
  2. Confirm where tokens are persisted by the @inrupt SDK used here (the code does not explicitly configure storage), and if you need zero on-disk persistence, test or configure the SDK accordingly.
  3. The OpenClaw agent (not the CLI) is expected to prompt for confirmation before destructive actions; verify your agent's prompt behavior.
  4. Prefer giving the skill a client with minimal scopes/privileges and test first against a disposable pod or account.
  5. Review the GitHub repository listed in the homepage and, if possible, inspect commit history and the author before trusting production credentials.
  If you want, I can highlight the exact lines that read environment variables and where the session is created so you can audit them more easily.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actual code and commands. Requiring node and SOLID-related environment variables (IDP, client id, client secret/key, pod URL, optional issuer) is appropriate for a client-credentials-based SOLID pod tool. The package.json dependencies are the expected @inrupt libraries.
- Instruction Scope (note): SKILL.md describes CLI usage that maps to the provided scripts, which call the SOLID server via authenticated fetch. The README and SKILL.md promise confirmations before destructive actions, but the CLI dispatcher does not implement interactive prompts itself (it expects the OpenClaw agent layer to request confirmation before invoking write/delete/acl commands). The documentation also states 'no tokens are written to disk', but the code uses @inrupt/solid-client-authn-node's Session without explicit storage configuration; depending on the library defaults, tokens or session state could be persisted by the SDK. Verify SDK storage behavior if disk persistence is a concern.
- Install Mechanism (ok): No arbitrary downloads or extract steps. SKILL.md suggests running npm install in the skill directory; package.json pulls standard @inrupt packages from the npm registry. This is a normal, low-to-moderate risk install path.
- Credentials (ok): The required environment variables are the expected OIDC/client-credentials values for talking to SOLID Identity Providers and a default pod URL. They are sensitive (client secret/OIDC key) but justified by the skill's ability to perform authenticated actions on a pod.
- Persistence & Privilege (note): always:false (no forced global inclusion). The skill can be invoked autonomously (disable-model-invocation:false), which is normal, but note that an autonomously-invoked skill that has valid client credentials can perform read/write/ACL changes on your pod. Consider this when granting real credentials to the environment.
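The two open points in the Guidance and Instruction Scope notes above (where the SDK keeps tokens, and who confirms write/delete/acl commands) can both be closed in the operator's own wrapper rather than trusted to defaults. The following is an added example, not code from the SolidPod-Data skill, ClawHub, or Inrupt. It assumes that the @inrupt/solid-client-authn-node Session accepts a `storage` option implementing get/set/delete (its ISessionOptions/IStorage contract) and a `login({ oidcIssuer, clientId, clientSecret })` call; both should be checked against the SDK version pinned in the skill's package.json. Of the environment variable names, only SOLID_OIDC_KEY comes from the scan page; SOLID_OIDC_ISSUER and SOLID_OIDC_CLIENT_ID are placeholders for whatever SKILL.md documents. The acl handler goes beyond the page and assumes a WAC server that advertises the ACL document in a `Link: <…>; rel="acl"` header.

```javascript
// Added example, not the SolidPod-Data skill's code: an explicitly ephemeral token
// store and a dispatcher that refuses write/delete/acl unless a confirmation
// callback approves. Assumes the @inrupt/solid-client-authn-node Session accepts
// a `storage` option implementing get/set/delete (its ISessionOptions/IStorage
// contract) and a login({ oidcIssuer, clientId, clientSecret }) call; check both
// against the SDK version pinned in the skill's package.json before relying on it.

// In-memory IStorage: whatever the SDK stores lands in this Map and nowhere else,
// so "no tokens on disk" becomes a property you control rather than a library
// default, and the stored keys can be listed during an audit.
function createEphemeralStorage() {
  const store = new Map();
  return {
    async get(key) { return store.get(key); },
    async set(key, value) { store.set(key, String(value)); },
    async delete(key) { store.delete(key); },
    keys() { return [...store.keys()]; },   // audit helper, not part of IStorage
    wipe() { store.clear(); },             // call on exit to drop refresh state
  };
}

// Read the client credentials from the environment. SOLID_OIDC_KEY is the name
// the scan page uses; the ISSUER and CLIENT_ID names are placeholders, use the
// names SKILL.md documents. The secret is only checked for presence, never logged.
function loadClientCredentials(env) {
  const required = ["SOLID_OIDC_ISSUER", "SOLID_OIDC_CLIENT_ID", "SOLID_OIDC_KEY"];
  const missing = required.filter((name) => !env[name]);
  if (missing.length > 0) throw new Error(`missing env vars: ${missing.join(", ")}`);
  return {
    oidcIssuer: env.SOLID_OIDC_ISSUER,
    clientId: env.SOLID_OIDC_CLIENT_ID,
    clientSecret: env.SOLID_OIDC_KEY,
  };
}

// Log in with client credentials, keeping all session state in ephemeral storage.
// `Session` is injected so the wiring can be exercised with a fake in tests.
async function connect(Session, env) {
  const storage = createEphemeralStorage();
  const session = new Session({ storage });
  await session.login(loadClientCredentials(env));
  if (!session.info.isLoggedIn) throw new Error("client-credentials login failed");
  return { session, storage, fetch: (...args) => session.fetch(...args) };
}

// Commands that change the pod; the scan notes the CLI itself never prompts for these.
const DESTRUCTIVE = new Set(["write", "delete", "acl"]);

// Handlers over an authenticated fetch (session.fetch).
function buildHandlers(fetch) {
  return {
    read: async ({ url }) => {
      const res = await fetch(url);
      return { status: res.status, body: await res.text() };
    },
    write: async ({ url, body, contentType = "text/turtle" }) => {
      const res = await fetch(url, { method: "PUT", headers: { "Content-Type": contentType }, body });
      return { status: res.status };
    },
    delete: async ({ url }) => {
      const res = await fetch(url, { method: "DELETE" });
      return { status: res.status };
    },
    // WAC servers advertise the ACL document in a Link rel="acl" header; the ACL
    // body is replaced wholesale, so this is the most damaging command of the set.
    acl: async ({ url, body }) => {
      const head = await fetch(url, { method: "HEAD" });
      const match = /<([^>]+)>\s*;\s*rel="acl"/.exec(head.headers.get("link") || "");
      if (!match) throw new Error(`no rel="acl" link on ${url}`);
      const aclUrl = new URL(match[1], url).href;
      const res = await fetch(aclUrl, { method: "PUT", headers: { "Content-Type": "text/turtle" }, body });
      return { status: res.status, aclUrl };
    },
  };
}

// The gate: reads pass straight through, destructive commands run only if
// confirm(command, args) resolves to true. An agent layer that forgets to ask
// therefore cannot delete anything by accident; the server is never contacted.
async function dispatch(handlers, command, args, confirm) {
  const handler = handlers[command];
  if (!handler) throw new Error(`unknown command: ${command}`);
  if (DESTRUCTIVE.has(command) && !(await confirm(command, args))) {
    return { outcome: "refused", command };
  }
  return { outcome: "done", command, result: await handler(args) };
}
```

To wire it to the real SDK, `require("@inrupt/solid-client-authn-node")`, pass its `Session` class to `connect(Session, process.env)`, build the handlers from the returned `fetch`, and supply a `confirm` callback that actually asks the operator (or the agent layer) before returning true. Calling `storage.keys()` after login shows exactly what the SDK chose to persist, and `storage.wipe()` on exit discards it; because the storage object is the only sink the SDK was given, nothing reaches disk regardless of the library's default.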
