Skill v3.0.0
ClawScan security
Oclaw Hermes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 11, 2026, 2:37 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's description matches a bridging/agent orchestration purpose, but the registry metadata declares none of the credentials or config paths the package actually needs: SKILL.md, docker-compose.yml, and the scripts expect multiple API keys and persistent local state under the user's home directory. That mismatch warrants caution before installing.
- Guidance
- This package appears to be a substantial bridge/orchestration project that will create local databases, write files under your home directory, and run Docker containers that connect to local and remote services. However, the registry metadata claims no required environment variables or config paths, while the SKILL.md, docker-compose.yml, and scripts clearly require multiple API keys and will persist memory data. Before installing:
  1. Do not supply high-privilege tokens (e.g., full cloud credentials); create least-privilege or test-scoped tokens instead.
  2. Review the .env.example and every script for the endpoints it contacts and the persistence locations it writes to (~/.openclaw, ~/.hermes, ~/.oclaw-hermes).
  3. Inspect the Docker images you will pull (nousresearch/hermes, bytedance/deerflow); prefer official images pinned by digest rather than by mutable tag.
  4. Run it in an isolated environment or VM first, so a misbehaving script cannot leak secrets or contaminate your real home config.
  5. Confirm the repository source and maintainership: the registry lists the source as unknown, but SKILL.md references a GitHub repo.
  6. If you need this functionality, ask the author to correct the registry metadata (declare required env vars and config paths) and to provide a minimal test mode that does not auto-persist or auto-publish.
  The mismatches are enough to pause installation until you have verified the secrets required, the image provenance, and the exact runtime behavior.
Review Dimensions
- Purpose & Capability
- concern: The skill claims to bridge OpenClaw, Hermes, and DeerFlow (a purpose that implies local services, containers, and tokens), but the registry metadata lists no required environment variables or config paths. In reality SKILL.md, docker-compose.yml, and multiple scripts reference and require tokens and service URLs (OPENCLAW_TOKEN, OPENROUTER_API_KEY, ANTHROPIC_API_KEY, DEERFLOW_*) and write to home config directories (~/.openclaw, ~/.hermes, ~/.oclaw-hermes). The omission is an incoherence: either the metadata is incomplete, or the skill is understating the privileges it needs.
- Instruction Scope
- note: SKILL.md explicitly instructs the user to clone a GitHub repo, create a .env with API keys, run docker-compose to pull and start multiple containers, and run Python scripts. These steps create persistent DBs and memory files and may push data to OpenClaw/Hermes/DeerFlow endpoints. The actions (running containers, creating files under the user's home, requiring tokens) are coherent for a bridge/orchestrator but grant broad local persistence and network access. SKILL.md also references commands (e.g., python scripts/verify.py) that are not present in the manifest, a minor inconsistency.
- Install Mechanism
- note: No formal install spec in the registry (instruction-only), but the project includes a docker-compose file that pulls images (nousresearch/hermes, bytedance/deerflow) and builds local Dockerfiles. The package itself contains no obscure download URLs, but running docker-compose fetches external container images. This is expected for a project of this type, but it widens the attack surface (third-party images, network pulls), especially when images are referenced by mutable tag rather than by digest.
- Credentials
- concern: Registry metadata claims no required env vars, yet SKILL.md, docker-compose.yml, and the scripts require multiple credentials and service URLs (OPENCLAW_TOKEN, OPENROUTER_API_KEY, ANTHROPIC_API_KEY, DEERFLOW_GATEWAY_URL, DEERFLOW_LANGGRAPH_URL, etc.). The code also reads and writes local config paths and persistent DBs under the user's home directory. Requesting several unrelated model-provider keys and platform tokens is reasonable for a multi-platform bridge, but the mismatch with the declared requirements, with no explicit justification, is a red flag.
- Persistence & Privilege
- note: The skill creates persistent artifacts (SQLite DBs in ~/.openclaw/.oclaw-hermes, files under ~/.hermes, Docker containers and volumes) and can sync memories across platforms. It does not set always:true, but it does request persistent local storage and, depending on config options, may auto-register or auto-publish skills. Persistence and container orchestration are expected for this use case but increase the blast radius; verify storage locations and the retention policy before use.
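The metadata-versus-code mismatch flagged under Purpose & Capability and Credentials, and the review steps in the Guidance (enumerate the env vars and home paths the package touches, check that images are pinned by digest), can be turned into a repeatable pre-install check. The script below is an added example written for this page, not part of ClawHub, ClawScan, or the Oclaw Hermes package. The sample SKILL.md, docker-compose.yml, and script contents are constructed stand-ins that mirror the kinds of references the scan describes; the real package would be read from disk instead.

```python
import re
from typing import Dict, List, Set

# Constructed sample inputs (not the real package): a SKILL.md excerpt, a
# compose file with one tag-pinned and one digest-pinned image, and a script.
DECLARED_ENV_VARS: Set[str] = set()  # registry metadata: "no required env vars"

SKILL_MD = """\
Create a .env with OPENCLAW_TOKEN, OPENROUTER_API_KEY and ANTHROPIC_API_KEY,
then run docker compose up and python scripts/verify.py
Memory is stored under ~/.openclaw/.oclaw-hermes and ~/.hermes
"""

DOCKER_COMPOSE = """\
services:
  hermes:
    image: nousresearch/hermes:latest
    environment:
      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
      - DEERFLOW_GATEWAY_URL=${DEERFLOW_GATEWAY_URL:-http://deerflow:8000}
  deerflow:
    image: bytedance/deerflow@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
  bridge:
    build: .
"""

BRIDGE_PY = """\
import os
token = os.environ["OPENCLAW_TOKEN"]
url = os.getenv("DEERFLOW_LANGGRAPH_URL", "http://localhost:2024")
DB = os.path.expanduser("~/.oclaw-hermes/memory.db")
"""

SAMPLE_FILES: Dict[str, str] = {
    "SKILL.md": SKILL_MD,
    "docker-compose.yml": DOCKER_COMPOSE,
    "scripts/bridge.py": BRIDGE_PY,
}

# Ways an env var shows up: ${VAR} / ${VAR:-default} in compose, os.environ[...]
# and os.getenv(...) in Python, and bare *_TOKEN / *_API_KEY / *_URL names in docs.
ENV_PATTERNS = [
    re.compile(r"\$\{([A-Z][A-Z0-9_]+)(?::-[^}]*)?\}"),
    re.compile(r"os\.environ\[\s*['\"]([A-Z][A-Z0-9_]+)['\"]\s*\]"),
    re.compile(r"os\.(?:getenv|environ\.get)\(\s*['\"]([A-Z][A-Z0-9_]+)['\"]"),
    re.compile(r"\b([A-Z][A-Z0-9_]*(?:_TOKEN|_API_KEY|_URL|_KEY))\b"),
]
HOME_PATH_RE = re.compile(r"~/\.[A-Za-z0-9_.\-/]+")
IMAGE_RE = re.compile(r"^\s*image:\s*(\S+)", re.MULTILINE)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def referenced_env_vars(files: Dict[str, str]) -> Dict[str, Set[str]]:
    """Map each env var name referenced anywhere to the files that reference it."""
    found: Dict[str, Set[str]] = {}
    for name, text in files.items():
        for pat in ENV_PATTERNS:
            for m in pat.finditer(text):
                found.setdefault(m.group(1), set()).add(name)
    return found


def undeclared_env_vars(files: Dict[str, str], declared: Set[str]) -> Dict[str, Set[str]]:
    """Env vars the package uses but the registry metadata does not declare."""
    return {k: v for k, v in referenced_env_vars(files).items() if k not in declared}


def home_paths(files: Dict[str, str]) -> Set[str]:
    """Dotfile paths under the user's home that the package reads or writes."""
    return {p for text in files.values() for p in HOME_PATH_RE.findall(text)}


def unpinned_images(compose_text: str) -> List[str]:
    """Images referenced by mutable tag (or no tag) instead of a sha256 digest."""
    return [img for img in IMAGE_RE.findall(compose_text) if not DIGEST_RE.search(img)]


def report(files: Dict[str, str], declared: Set[str]) -> str:
    lines = []
    for var, where in sorted(undeclared_env_vars(files, declared).items()):
        lines.append(f"UNDECLARED ENV {var}: {', '.join(sorted(where))}")
    for path in sorted(home_paths(files)):
        lines.append(f"HOME PATH {path}")
    for img in unpinned_images(files.get("docker-compose.yml", "")):
        lines.append(f"UNPINNED IMAGE {img} (use image@sha256:<digest>)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_FILES, DECLARED_ENV_VARS))
```

Any line in the report is a question to put to the author or to settle before installing: every undeclared variable should either appear in the registry metadata or be removed from the code, and each image reference should be replaced with the `name@sha256:...` form once you have verified the digest against the upstream publisher.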
