Skillv1.0.0

ClawScan security

Reader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 12, 2026, 8:07 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions match its description: local text processing with no networking or credential requests, but it persists processed items to a local history file you should be aware of.
Guidance: This skill appears coherent and local-only: it reads files or pasted text, summarizes/extracts/compares, and logs sessions to ~/.openclaw/workspace/memory/reader/history.json. Before installing, consider whether you want processed text or file paths retained there — the history can contain sensitive material. If you prefer not to retain data, inspect or delete that file (or modify the scripts to disable logging) after running init_storage.py. Verify python3 is available and, if you want extra caution, run the scripts in a restricted environment (container or VM) and review the source files yourself. There is no networking, no credential requests, and no external dependencies in the provided code.

Purpose & Capability: okName/description (local-first reading, summarization, comparison) aligns with the provided Python scripts. All files implement text loading, splitting, summarization, extraction, comparison and local session logging — nothing unrelated is requested.
Instruction Scope: noteSKILL.md and scripts limit operations to reading local files or direct text input and writing session metadata. No networking, external APIs, or environment-variable access are present. Note: the skill records sessions (file paths and operation types) and does store text-derived outputs in a local history file, which may retain sensitive content.
Install Mechanism: okNo install spec; instruction-only with included Python scripts. Requires only a local python3 binary and no external packages. No downloads or third-party installers are used.
Credentials: noteThe skill requests no credentials or env vars (proportional). It does create and update ~/.openclaw/workspace/memory/reader/history.json to record sessions and metadata — this is reasonable for a local reader but means processed inputs (or references to file paths) are persisted locally.
Persistence & Privilege: okalways is false; the skill only writes to its own directory under the user's home. It does not modify other skills, system settings, or request elevated privileges.