Skill v0.1.0

ClawScan security

Lingua Universale Protocol Verification · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Mar 14, 2026, 8:00 PM)
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary:
The skill's code, files, and runtime instructions are internally consistent with its stated purpose of local protocol verification, but it depends on an external Python package and runs a local MCP server — review that dependency and run in a sandbox if you have concerns.
Guidance
The skill appears coherent for verifying agent protocols locally, but take these precautions before installing/running: (1) inspect the upstream package cervellaswarm-lingua-universale (source on the referenced GitHub) — the skill imports that package and its behavior determines what actually runs; (2) prefer installing and running the MCP server in a sandbox/container or an isolated environment to limit potential supply-chain risks; (3) confirm the uvx MCP server is not exposed to untrusted network endpoints (run it on localhost only) and that you trust the package author/repository; (4) avoid pip installing packages from unknown sources into sensitive environments — if you need high assurance, review the cervellaswarm-lingua-universale source code or vendor it from a vetted source. My confidence is medium because the provided lu_mcp_server.py was truncated in the report and the skill relies on a third-party package that will be pulled at install time; reviewing the full included code and the external package would raise confidence.

Review Dimensions

Purpose & Capability [ok]
Name, description, tools (lu_load_protocol, lu_verify_message, lu_check_properties, lu_list_templates), and required binary (uvx) align: uvx is used to run the MCP server and the package depends on cervellaswarm-lingua-universale for the verification logic. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope [ok]
SKILL.md provides narrowly-scoped instructions for parsing .lu files, replaying message histories, and checking properties. It does not instruct the agent to read unrelated files, environment variables, or to send data to external endpoints. The install/run guidance (uvx openclaw-skill-lingua-universale or pip install + lu-mcp) is explicit and limited to running the MCP server locally.
Install Mechanism [note]
The registry entry has no automated install spec, but SKILL.md and pyproject recommend pip installing openclaw-skill-lingua-universale and the package depends on cervellaswarm-lingua-universale>=0.3.3. Installing via pip will pull a third-party package from PyPI (supply-chain risk) — there is no download-from-arbitrary-URL behavior in the skill files themselves.
Credentials [ok]
The skill declares no required environment variables, no credentials, and no config paths. The code shown does not access secrets or unrelated env vars. This is proportionate to a local verification tool.
Persistence & Privilege [ok]
always is false; the skill does not request permanent/global presence or to modify other skills' configurations. It runs as an MCP server (local process) which is the expected runtime model; autonomous invocation is allowed (normal) but not elevated.