Back to skill
Skillv1.0.0
ClawScan security
Verifier · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 12, 2026, 2:58 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and storage needs align with its stated purpose of locally scoring/verifying claims and evidence; it does not request credentials or perform network or unexpected actions.
- Guidance
- This skill appears internally consistent and local-only. Before installing, confirm that: (1) you are comfortable with the case file being created at ~/.openclaw/workspace/memory/verifier/cases.json (it is not synced externally by the scripts), (2) your agent or you will perform text extraction from images/links (the scripts expect structured evidence and do not fetch or OCR content), and (3) python3 is available. Optionally inspect the included Python files yourself — they are short and use only the standard library — and consider backing up or reviewing the cases.json file if it will contain sensitive information.
Review Dimensions
- Purpose & Capability
- okName, description, and included scripts all implement a local claim/evidence verification workflow (capture, update, score, list, show, close). No unrelated binaries, credentials, or services are requested.
- Instruction Scope
- noteSKILL.md explicitly requires the LLM/agent to extract text from screenshots and summarize external links before calling the scripts; the scripts themselves do not fetch remote content or inspect images. This separation is coherent but means the agent (or user) must supply extracted evidence — review how your agent will collect that evidence to avoid accidental exfiltration when performing extraction.
- Install Mechanism
- okNo install spec (instruction-only) and scripts are pure Python using only standard library. Nothing is downloaded or written outside the user's home-based workspace directory.
- Credentials
- okNo environment variables, credentials, or external APIs are required. The only runtime requirement is a local python3 binary, which is appropriate for these scripts.
- Persistence & Privilege
- okSkill does not request 'always: true', does not modify other skills or system-wide settings, and stores data only under ~/.openclaw/workspace/memory/verifier/cases.json. That local storage is proportional to the feature.