Skill v1.5.0

ClawScan security

Truth first · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 3:41 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, files, and requirements are internally consistent with its stated purpose of evidence-first verification; it requests no credentials and contains no install steps or surprising network endpoints.
Guidance
This skill is coherent and appears to do what it says: run local checks and cite evidence before answering. Before installing, confirm you trust the skill source (source/homepage unknown), and be aware it expects command-line tools (ripgrep, shell utilities, and optionally the OpenClaw CLI) to perform checks even though those binaries are not declared in metadata. If you have sensitive files, run the skill in a restricted environment or review the SKILL.md and references/patterns.md to ensure the verification commands and paths match what you want it to access. If you need stricter limits, restrict the agent's filesystem/tool permissions or test in an isolated container first.

Review Dimensions

Purpose & Capability
note: The name/description match the SKILL.md: the skill is an evidence-first verification workflow. It expects tools like ripgrep and the OpenClaw CLI (used in examples), but the registry metadata does not list required binaries; this is a minor mismatch between documentation and declared requirements.
Instruction Scope
note: SKILL.md explicitly directs the agent to read files, run local commands (rg, ls, stat, openclaw gateway status, view logs) and cite evidence. Those actions are appropriate for verification tasks, but they do grant broad read/command capability over local files and system state, which is necessary for the skill's purpose but worth noting before allowing it to run with wide filesystem/tool access.
Install Mechanism
ok: Instruction-only skill with no install spec or archive downloads. Lowest-risk install footprint.
Credentials
ok: The skill does not request environment variables, credentials, or config paths beyond referencing common OpenClaw config locations in examples. No disproportionate credential access requested.
Persistence & Privilege
ok: No always:true, no install scripts, and no modifications to other skills or system-wide configuration are present. Normal, non-persistent skill.