v1.1.0

Oc

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:28 AM.

Analysis

This troubleshooting skill is coherent, but it can run automatic fixes that change your system and OpenClaw setup, and it includes diagnostics that can expose API keys or tokens.

GuidanceInstall only if you want a hands-on OpenClaw repair tool. Before using auto-fix modes, review the planned commands, avoid printing or pasting secrets, run it in an isolated shell when possible, and prefer interactive/dry-run options for any fix involving processes, packages, Docker, tokens, configuration resets, or deletions.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

data/fix-recipes.json

"command": "lsof -ti :{port} | xargs kill -9" ... "command": "systemctl start docker" ... "command": "npm install -g openclaw"

The fix recipe catalog includes shell commands that can force-kill processes, start Docker, and install software globally. These are related to fixing OpenClaw, but they are high-impact actions.

User impactAn automatic repair could stop the wrong process, change system services, or modify globally installed software if invoked without careful review.

RecommendationRun auto-fixes only after reviewing the exact planned commands; prefer dry-run or interactive confirmation, especially for process, Docker, package-manager, and configuration-reset fixes.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

"kind": "shell", "command": "pip install click rich requests beautifulsoup4"

The skill declares a shell-based dependency install using unpinned Python packages. Installing dependencies is expected for this Python tool, but unpinned packages can change over time.

User impactFuture dependency versions could behave differently from the versions the author tested.

RecommendationInstall in an isolated environment and prefer pinned dependency versions or a reviewed lockfile when available.

Human-Agent Trust Exploitation

SeverityMediumConfidenceMediumStatusConcern

references/auto-fix-capabilities.md

| **Safe** | No risk, fully reversible | No | Yes | ... python3 scripts/error-fixer.py --fix-all-safe

The documentation describes safe fixes as having no risk and needing no confirmation, while the broader artifacts include automatic repair workflows that change configuration, tokens, packages, and services.

User impactUsers may over-trust the auto-fix mode and allow changes without understanding their impact.

RecommendationTreat 'safe' as lower-risk rather than no-risk; review each planned fix and ensure backups or rollback steps exist before applying changes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusConcern

references/authentication-errors.md

env | grep -i api_key ... openclaw status --show-tokens ... openclaw status --show-gateway-token

The authentication troubleshooting guide instructs users to display API-key and token-related values. This is relevant to diagnosis, but secrets could be exposed in terminal output, chat history, or logs.

User impactAPI keys or gateway tokens may be revealed to the agent or stored in transcripts if copied back into the conversation.

RecommendationDo not paste raw keys or tokens into the agent; redact secret values and prefer OpenClaw commands or local secret managers that avoid printing full credentials.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceMediumStatusNote

data/fix-execution-history.json

"executions": [], "success_rates": {}

The package includes a persistent fix-history data file. Storing repair history is useful for diagnostics, but such history can contain sensitive paths, error details, or operational context once populated.

User impactDiagnostic history may persist after a troubleshooting session and could reveal details about your local OpenClaw environment.

RecommendationReview where history, caches, and backups are stored; clear them when troubleshooting sensitive systems.