Skill v1.0.3

ClawScan security

Claw Roam · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:08 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill does what it says — a git-based workspace sync helper — and its files and instructions are consistent with that purpose, but users should be cautious about what they push to a remote repository (secrets, credentials, or sensitive runtime data).
Guidance
This skill is coherent for syncing an OpenClaw workspace via git, but take these precautions before installing/using it: (1) Verify and trust the configured git remote URL — anything you push is sent to that remote. (2) Review and update .gitignore to prevent committing credentials, tokens, keys, or other sensitive files. (3) Avoid enabling the suggested cron auto-push unless you are sure nothing sensitive will be committed automatically. (4) Inspect scripts/claw-roam.sh yourself (it’s included) so you understand exactly what will run. (5) Be aware the script will use whatever git credentials are present on the machine (SSH keys, credential helpers) — it does not ask for or store new credentials. If you want stronger safety, run commands manually or restrict the repo to a private, trusted host.

Review Dimensions

Purpose & Capability
ok · Name/description match the behavior. The SKILL.md and the included shell script implement git-based push/pull/status/sync workflows for ~/.openclaw/workspace. No unrelated services, credentials, or binaries are requested.
Instruction Scope
note · Instructions and the script operate squarely on the workspace git repo. They automatically add/commit/push changes and suggest cron auto-push and changing Telegram webhooks. These behaviors are expected for a sync tool but carry data-exposure risk: automatic commits/pushes (and recommended cron jobs) can publish secrets or sensitive files to the configured remote if .gitignore is incomplete or the remote is untrusted. The SKILL.md also suggests updating webhook/token settings (operational guidance, not performed by the script).
Install Mechanism
ok · This is an instruction-only skill with a shell script included; there is no install spec that downloads external artifacts. Nothing is fetched from arbitrary URLs or installed automatically by the skill package.
Credentials
note · The skill declares no required env vars, which is reasonable because it relies on the user's existing git credentials and environment. The script does check the OPENCLAW_VPS environment variable and /etc/openclaw/vps file to detect VPS context (optional behavior), but these are read-only checks. Important: git push/pull operations will use whatever git auth (SSH keys, credential helpers, tokens) the host already has; the skill does not request credentials but will transmit repo contents to whichever remote is configured.
Persistence & Privilege
ok · The 'always' flag is false and the skill does not request persistent platform privileges or modify other skills/config. It does not autonomously install itself or alter global agent settings.