Skillv1.0.0

ClawScan security

Openclaw Evolution · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 7, 2026, 1:15 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: This is an instruction-only onboarding guide for OpenClaw that is internally consistent with its stated purpose; it requests no credentials or installs. A pre-scan prompt-injection pattern was detected (likely a false positive) — review that part before trusting automated actions.
Guidance: This skill is an onboarding guide and appears coherent and proportionate: it doesn't request secrets or install code. Before installing or following its autonomous-action examples, do the following: (1) Inspect AGENTS.md / SOUL.md examples and explicitly add safety rules (ask-before public post, require permission for sudo/rm -rf, restrict channels via allowedChatIds); (2) When connecting channels, always use allowedChatIds/allowedGuildIds to prevent open access; (3) Do not grant third-party API keys or enable cross-posting until you test low-risk automations; (4) Because the scanner flagged a possible 'system-prompt-override' pattern, scan the skill for any lines that tell the agent to ignore platform/system constraints and remove them if present; (5) If you want higher assurance, run the guide in a sandbox or on a non-production agent instance first.
Findings: [system-prompt-override] unexpected: The static scan flagged a 'system-prompt-override' pattern. The SKILL.md contains meta-discussion about SOUL.md not being a system prompt and how the agent should read local identity files; this likely triggered a heuristic. It's not an obvious attempt to override system prompts, but review any phrasing that tells the agent to ignore platform/system constraints before enabling autonomous behaviors.

Review Dimensions

Purpose & Capability: okThe name/description (onboarding / two growth paths) matches the content of SKILL.md and the reference files. It is an instruction-only skill with no declared env vars, binaries, or install steps, which is proportionate for a guide.
Instruction Scope: noteSKILL.md and reference files recommend creating and reading local workspace files (SOUL.md, USER.md, AGENTS.md, memory/*), configuring channels, and installing OPTIONAL skills. The examples intentionally allow agents to read files, check calendars, and act autonomously if configured. That scope is consistent with an agent-onboarding guide, but it grants broad discretion in examples (e.g., 'Read files, search web, check calendar', 'post on [platforms] with judgment'), so users should be deliberate about safety rules in AGENTS.md before granting the agent write/post permissions.
Install Mechanism: okNo install spec and no code files — instruction-only. This is the lowest-risk install mechanism; nothing is downloaded or written by the skill itself.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. Reference examples mention provider API keys and bot tokens as examples for channel setup, but these are not requested by the skill itself and are appropriate for the described multi-agent/channel scenarios.
Persistence & Privilege: okalways:false and no special privileges requested. The skill can be invoked by the model (default behavior) but does not request permanent inclusion or modify other skills. Users should note that agent autonomous actions are discussed in the guide and should be gated via AGENTS.md safety rules.