Skill v1.0.0
ClawScan security
Upgrade Guardian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 5:12 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only upgrade-audit protocol whose requested actions and artefacts are coherent with its stated purpose and do not request unrelated credentials, installs, or network endpoints.
- Guidance: This skill is a docs-first, instruction-only upgrade audit protocol and appears coherent with its stated purpose. Before installing or invoking it:
  1. Be aware the protocol expects to read local OpenClaw config and logs (openclaw.json, session files, gateway logs) and run OpenClaw CLI commands; grant file/command access only if you trust the agent.
  2. It may suggest running backup/cleanup commands; do a manual backup and review any deletion commands before executing.
  3. The skill fetches changelogs (network access), which is expected for its task; ensure changelog sources are trusted.
  4. If you plan to allow autonomous execution, consider limiting the agent's runtime permissions (or require operator confirmation) for actions that modify files or delete backups.
  Overall, nothing here is disproportionate or unrelated to upgrade auditing.
Review Dimensions
- Purpose & Capability: ok. Name and description claim an upgrade-audit protocol for OpenClaw; the SKILL.md and reference docs only request actions and data consistent with that purpose (changelog analysis, reading openclaw.json, running verification checks). No unrelated credentials, binaries, or external services are required.
- Instruction Scope: ok. Runtime instructions direct the agent to fetch changelogs, parse them, cross-reference openclaw.json and active workflows, generate reports, and run verification commands (openclaw doctor, openclaw status, backup, log checks). Those operations are within scope for upgrade auditing. The docs reference reading workspace and home-path session files and saving reports under workspace-relative kb/logs/ paths, which is appropriate for an audit tool. There are no instructions to collect or transmit data to unexpected external endpoints.
- Install Mechanism: ok. Instruction-only skill with no install spec and no code files. No packages or remote downloads are requested, minimizing persistence and supply-chain risk.
- Credentials: ok. The skill does not declare any required env vars, credentials, or config paths beyond reading local OpenClaw config and logs (openclaw.json, ~/.openclaw sessions/logs, workspace kb/). Those data sources are proportionate to performing a pre/post-upgrade audit. No unrelated secrets or external tokens are requested.
- Persistence & Privilege: ok. `always` is false and the skill does not request system-wide persistence. It recommends saving reports inside the agent workspace, which is reasonable for audit artifacts. The skill does include commands that could modify or delete local backups if executed (example backup cleanup patterns), but those are described as operator actions and are reasonable within an upgrade workflow.
