Skill v0.1.12
ClawScan security
Membox Cloud Sync · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 6:15 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, required actions, and documentation are coherent with its stated purpose (encrypted Membox sync) and it does not request unrelated credentials or install arbitrary code itself.
- Guidance: This skill appears internally consistent, but before installing:
  1) Verify the plugin package source (@membox-cloud/membox on npm) and the ClawHub skill identity to ensure you get the official package.
  2) Prefer to run the openclaw/plugins install commands manually (or review what they will install) rather than allowing an agent to install automatically.
  3) Follow the SKILL.md rules: never paste passphrases, recovery codes, or decrypted bundles into chat; store them in local private files (e.g., .membox-secrets) with strict permissions.
  4) Confirm the default API base (https://membox.cloud/api/v1) matches your expectations or change it for self-hosting.
  5) If you want stronger isolation, perform plugin install and initial pairing in a separate VM or sandbox and inspect the plugin code/tarball from npm before trusting it.
Review Dimensions
- Purpose & Capability: ok. Name/description match the instructions: the SKILL.md consistently describes installing the Membox plugin, pairing devices, using membox_* tools, and interacting with membox.cloud APIs. There are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope: ok. Runtime instructions stay within the stated scope: they direct the agent to install/use the Membox plugin or use the documented HTTP endpoints, handle local passphrase/recovery files, and explicitly forbid sending secrets into chat. The skill does not instruct the agent to read arbitrary system files or exfiltrate data to unexpected endpoints.
- Install Mechanism: ok. This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written by the skill itself. The install steps it recommends (npm plugin and ClawHub skill install) are expected for the functionality described.
- Credentials: ok. No environment variables, credentials, or config paths are declared. Authentication and tokens are handled via the plugin/device-flow and local files as documented, which is proportionate to the sync/restore purpose.
- Persistence & Privilege: ok. The skill is not always-enabled (always: false). agents/openai.yaml sets allow_implicit_invocation: true (enables implicit invocation when relevant), and model invocation is allowed (the platform default). These are normal for a user-invocable skill and are not excessive by themselves.
