Skillv1.0.0

ClawScan security

Reason · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 10, 2026, 6:44 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions are consistent with a local decision‑analysis helper and do not request secrets or network access, though some referenced scripts and docs are missing from the bundle and file-path details differ slightly.
Guidance: This skill appears to be what it says: a local decision‑analysis helper that saves analyses to a local memory folder. Before installing, check the following: (1) the package references several scripts and reference files that are not included — request or inspect those files if you need the full feature set; (2) it will create and write JSON files under ~/.openclaw/workspace/memory/reason (ensure you are comfortable with that path and whether your environment syncs or backs it up); (3) there is no evidence of network access or secret collection in the provided code, but review any additional scripts (evaluate_argument.py, identify_fallacy.py, etc.) before enabling the skill. If you want extra assurance, ask for the full source for the missing scripts or run the included script in a sandbox to observe behavior.

Purpose & Capability: okThe name/description (reasoning and decision analysis) match the included script's behavior: local analysis output and storing a JSON record. No unrelated credentials, binaries, or services are requested.
Instruction Scope: noteSKILL.md references several scripts (evaluate_argument.py, identify_fallacy.py, structure_problem.py, check_bias.py, build_framework.py) and reference docs that are not present in the package. The provided script (analyze_decision.py) is self-contained and stays within local storage, but the missing files mean some runtime instructions cannot be followed as-is.
Install Mechanism: okNo install spec is provided (instruction-only plus one small script). Nothing is downloaded or installed by the skill itself.
Credentials: okThe skill requests no environment variables or credentials. It writes data locally only. The amount and type of access (writing to a local workspace directory) are proportional to its stated purpose.
Persistence & Privilege: noteThe script writes decision records to a directory under the user's home (~/.openclaw/workspace/memory/reason). This is expected for a memory feature, but note it will create/modify files in that path. always:false and no elevated privileges are requested.