Skill v1.0.0

ClawScan security

Firm Fleet Manager Pack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 1, 2026, 10:16 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (managing a fleet of gateways) is plausible, but the runtime instructions are underspecified and don't explain how the agent will access instances or credentials — that mismatch warrants caution.
Guidance
This skill claims to manage gateway fleets but the runtime instructions are vague and don't say how it discovers or authenticates to instances. Before installing: (1) ask the publisher what mcp-openclaw-extensions provides and whether it supplies endpoints/credentials and what permissions are required; (2) require explicit documentation of how instances are discovered and what credentials or keys will be used; (3) restrict the skill to a test/staging environment first and audit all broadcast/remove actions; (4) insist on safety controls (confirmation prompts, dry-run modes, and limited-permission service accounts) and logging/rollback mechanisms; (5) if you cannot verify where credentials are stored or how access is authorized, avoid enabling this skill in production.

Review Dimensions

Purpose & Capability
concern
The skill claims full fleet management (add/remove, broadcast, config sync), which normally requires network endpoints, authentication, and access to gateway management APIs. The SKILL.md lists tools but provides no information about how connections, credentials, or target endpoints are discovered or secured. It does declare a dependency on mcp-openclaw-extensions >= 3.0.0, but the skill doesn't explain what that extension supplies, so it's unclear whether the dependency justifies the lack of other requirements.
Instruction Scope
concern
SKILL.md is high-level: it enumerates tool names and a usage snippet but contains no concrete runtime steps, commands, API endpoints, configuration locations, or safety checks. That vagueness grants the agent broad discretion at runtime (e.g., how to find instances, what credentials to use, what commands to broadcast), which is scope-creep for a management pack and increases risk.
Install Mechanism
ok
This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by the skill itself. That lowers installation risk. The only declared dependency is mcp-openclaw-extensions, which is reasonable if that extension is the intended integration point.
Credentials
concern
No environment variables, credentials, or config paths are declared despite the skill's control-capable features (add/remove, broadcast). Fleet management normally requires credentials or service endpoints; the absence of declared secrets is a mismatch. It's possible the mcp-openclaw-extensions package handles auth, but the skill should state that explicitly and document required permissions and credential scope.
Persistence & Privilege
ok
The skill does not request always: true and is user-invocable with normal autonomous invocation allowed. It does not declare modifications to other skills or system-wide settings. This is the expected privilege model for an operational management skill.