Skill v1.0.1

ClawScan security

Openclaw Coworker Prompts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 7:27 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only prompt pack whose requested files and instructions match its description; it does not request credentials or install code, but exercise caution when you create agents from these prompts and grant powerful tools (exec, web_fetch, file read) or provide sensitive data.
Guidance
This package is a coherent prompt collection and does not include code, installers, or required secrets — that reduces the immediate attack surface. Before installing/using:
1) Review individual prompts and remove or adapt any that ask agents to handle sensitive data (PHI, payroll, legal case material) unless you control a secure environment.
2) When you create agents from these prompts, avoid granting powerful tools (exec, file read/write, web_fetch) unless strictly necessary; test agents in an isolated environment first.
3) Do not provide real credentials or production data to agents created from these prompts; instead use sanitized examples.
4) Note provenance is limited (no homepage and contact via Telegram); if you require stronger provenance or support, seek packs with maintained repos and clear authorship.
5) Verify license terms and any payment method before purchasing or donating.

Review Dimensions

Purpose & Capability
ok
The name/description (100+ coworker prompts across professions) matches the supplied README, SKILL.md, and prompts JSON. There are no unrelated environment variables, binaries, or install steps requested that would be disproportionate to a prompts pack.
Instruction Scope
note
SKILL.md is an instruction-only pack that recommends creating agents and 'assign relevant tools (web, code, exec)'. The included sample prompts ask agents to perform work that may require reading code, OpenAPI specs, EHRs, or logs. The skill itself does not instruct covert data collection or exfiltration, but if a user builds an agent from these prompts and grants tools like exec, web_fetch, or file read/write, that agent could access sensitive local or network data, so scope creep is possible depending on what the user permits.
Install Mechanism
ok
No install spec and no code files to execute are included; this is the lowest-risk distribution model for a skill. Nothing will be written to disk by an installer associated with this skill package.
Credentials
ok
The package requests no environment variables, credentials, or config paths. That's appropriate for a prompt pack. Note: some prompts imply integration with external data sources (EHR, payroll systems, GitHub) — those integrations would require credentials, but the skill does not request them itself.
Persistence & Privilege
ok
always:false and user-invocable:true (defaults) — the skill does not demand permanent presence or elevated platform privileges. It does include allowed-tools metadata recommending exec and web_fetch, but those are tool recommendations, not forced privileges.