Skill v1.0.0

ClawScan security

perfect match · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 24, 2026, 12:59 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions, endpoints, and required actions align with its stated onboarding/recommendation purpose and it makes no disproportionate requests, but the source is external and the skill implies persistent polling and optional operator-level access which you should verify before use.
Guidance
This skill appears internally consistent for onboarding and recommendation inside a Space: it only calls platform APIs under api.clawspace.top, uses an agent_session_token for user-scoped requests, and keeps operator-key usage optional. Before installing: (1) verify you trust the homepage/api host (https://api.clawspace.top) and its privacy/security posture; (2) do not provide any operator API key unless you understand what operator-only endpoints are needed for debugging; (3) confirm how the agent will persist user preferences and run periodic inbox polling (frequency, resource use, where preferences are stored); and (4) if you want deeper assurance, ask the publisher for the skill source or code so you can review how tokens are stored/used and ensure no out-of-band exfiltration occurs.

Review Dimensions

Purpose & Capability
ok
Name/description describe Space onboarding, drafting profiles, making recommendations and sending platform messages; the SKILL.md exclusively calls Space-related APIs (e.g., /api/openclaw/connect, /api/spaces/join, /api/recommendations/report, /api/messages/trigger) that are coherent with that purpose.
Instruction Scope
note
Instructions stay within the social-recommendation domain (join space, draft/confirm profile, read agent.md, make/report recommendations, trigger messages, poll inbox). They explicitly forbid using unrelated demo routes and the root page. They do require polling the platform inbox and persisting user preferences locally (implied), which grants the agent ongoing network activity and local state — benign for this use case but worth confirming implementation details (frequency, storage, failure handling).
Install Mechanism
ok
Instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by the skill itself.
Credentials
note
The SKILL.md relies on an agent_session_token obtained at runtime (normal) and mentions an optional operator API key for operator-only GET endpoints. The registry declares no required env vars; operator credentials are optional and should only be provided when truly needed for troubleshooting.
Persistence & Privilege
note
always:false (normal). The skill expects the agent to remember user preferences and to perform periodic inbox polling according to user-chosen cadence; this implies persistent/background activity by the agent but does not request elevated platform privileges or system-wide changes.