ClawHub
Back to skill
v1.0.0

Firm Reliability Pack

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:17 AM.

Analysis

The skill is a coherent instruction-only reliability/audit helper, with only minor setup and scope items users should notice.

GuidanceThis looks safe to install as an instruction-only reliability helper, but verify the external mcp-openclaw-extensions dependency and only point the tools at configuration files you intend the agent to inspect or use for probing.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceMediumStatusNote
SKILL.md
openclaw_gateway_probe config_path=/path/to/config.json
openclaw_doc_sync_check config_path=/path/to/config.json

The skill documents tools that operate on a user-provided configuration path and may perform reliability checks such as gateway probing. This is aligned with the stated purpose, but users should provide only intended config files.

User impactIf pointed at the wrong configuration file, the tool may inspect or act on unintended reliability settings or endpoints.
RecommendationUse explicit, intended config paths and review what environment or service the config describes before invoking the tools.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
requires:
      - mcp-openclaw-extensions >= 3.0.0

The skill depends on an external MCP extension with a lower-bound version requirement. This dependency is disclosed and purpose-aligned, but the provided artifacts include no install spec, lockfile, homepage, or source provenance for that dependency.

User impactThe behavior users receive may depend on the installed version and provenance of the external extension.
RecommendationInstall the dependency only from a trusted source and prefer a reviewed or pinned version when possible.