Skillv1.0.0

ClawScan security

Firm Skill Loader Pack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 2, 2026, 12:17 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (lazy-loading and keyword search of local SKILL.md files) matches what its instructions describe; it is an instruction-only package that relies on an external extension for actual tooling, so there are no immediate red flags but you should verify the required extension and the scope of filesystem reads before installing.
Guidance: This is an instruction-only loader/search pack that depends on mcp-openclaw-extensions >= 3.0.0 to provide the actual tools. Before installing: (1) Verify the source and trustworthiness of the mcp-openclaw-extensions package (where it comes from and what permissions it needs). (2) Confirm what filesystem paths the underlying tools will read (ensure they won't expose secrets or unrelated files). (3) If possible, get or review the actual implementation of openclaw_skill_lazy_loader and openclaw_skill_search to confirm they behave as documented. If you cannot verify the extension or tool implementations, avoid installing or run in a restricted/test environment first.

Review Dimensions

Purpose & Capability: noteThe name/description claim lazy-loading and keyword search of local SKILL.md files. The SKILL.md references two tools (openclaw_skill_lazy_loader, openclaw_skill_search) but provides no code — it declares a dependency on mcp-openclaw-extensions >= 3.0.0 which plausibly supplies those tools. This is coherent, but the skill doesn't include the implementations itself, so you must trust the declared extension.
Instruction Scope: noteInstructions describe searching the local skills directory and lazy-loading SKILL.md files — this is within the stated purpose. The guidance is high-level and vague about exact paths and behaviors (what gets read, filtered, or returned), so there's some scope ambiguity: confirm what files the underlying tools will read and whether SKILL.md contents could be exposed to other skills or logs.
Install Mechanism: okNo install spec and no code files (instruction-only), so nothing is written to disk by this package itself. Risk is low from the skill bundle, but behavior depends on the external mcp-openclaw-extensions implementation which is not included here.
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths. That is proportionate to its described purpose.
Persistence & Privilege: okDefault flags (always:false, user-invocable:true, model invocation allowed) — no elevated persistence requested and no modification of other skills or system-wide settings is described.