Skillv1.0.0

ClawScan security

Firm Platform Audit Pack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 1, 2026, 11:17 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent with a platform-audit pack: it is instruction-only, declares the required OpenClaw extension, and asks the agent to run audit tools against a config file — but the package origin is unknown, so validate the extension and review before running on sensitive configs.
Guidance: This instruction-only audit pack appears coherent with its stated purpose, but the source/homepage is missing. Before using: (1) confirm mcp-openclaw-extensions >=3.0.0 comes from a trusted repository and matches the expected vendor, (2) run the checks on a copy or non-production config if those files contain secrets, (3) review the actual implementation of the extension/tools if possible (the SKILL contains no code itself), and (4) treat AI-generated content as guidance only — validate results and outputs before making platform changes.

Review Dimensions

Purpose & Capability: okThe name/description align with an audit pack for OpenClaw 2026.2. The SKILL.md lists audit tools (secrets, routing, voice, trust, autoupdate, plugin SDK, content boundaries, sqlite-vec) and declares mcp-openclaw-extensions >= 3.0.0 as a requirement; these tools are plausibly provided by that extension. There are no unrelated credentials or binaries requested.
Instruction Scope: noteInstructions are minimal and simply show invoking audit commands with a config_path argument. That is coherent for an audit pack, but running these checks will require access to platform config files (which may contain secrets or sensitive settings). The SKILL warns that content was AI-generated and needs human validation — follow that guidance.
Install Mechanism: okThere is no install spec and no code files (instruction-only). This minimizes on-disk installation risk. The declared dependency on mcp-openclaw-extensions is reasonable for this purpose but you should obtain that extension from a trusted source.
Credentials: noteThe skill does not request environment variables or credentials (none declared). However, it operates by taking a config_path — the config you point it at could contain secrets. That is expected for an audit tool, but you should be deliberate about which config files you provide.
Persistence & Privilege: okDefaults are normal (always: false, agent invocation allowed). The skill does not request elevated/persistent platform presence or modify other skills. No persistence concerns are evident from the SKILL.md.