Skill v0.1.1
ClawScan security
Clawstore · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 6, 2026, 8:57 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The instructions and capabilities broadly match a package-manager skill, but there are provenance and metadata inconsistencies and an undeclared global npm install step that raise caution before you install or run anything.
- Guidance: This skill's functionality is coherent, but exercise caution before running the recommended npm install or logging in:
  1) Verify the provenance of the 'clawstore' npm package (npmjs.org page, maintainer, repository link) and confirm the registry URL (useclawstore.com) is legitimate.
  2) Prefer inspecting the package repository and its code before a global install; consider installing in a sandbox or using a container.
  3) Avoid granting publish/login rights to services you don't trust; check what OAuth scopes are requested during 'clawstore login'.
  4) If you plan to publish agents, inspect what the CLI will upload (use 'clawstore pack' and validate) so you don't accidentally publish secrets.
  5) Note the SKILL metadata omitted required tooling (npm/cli); make sure your environment and security policies permit installing and running third-party CLIs.
Review Dimensions
- Purpose & Capability (ok): The skill name and description (search, install, publish OpenClaw agents) align with the runtime instructions (clawstore CLI commands: search, install, publish, login, etc.). The flows described (init, validate, pack, publish) are coherent with a package registry manager.
- Instruction Scope (note): Instructions stay within the package-manager domain (scaffolding agent packages, inspecting tarballs, uploading to a registry, and using OAuth login). They reference local package files and the local OpenClaw workspace, which is expected. The instructions do assume the ability to run npm and a browser-based OAuth flow, but do not ask the agent to read unrelated system files or exfiltrate data.
- Install Mechanism (concern): Although the skill is instruction-only, SKILL.md tells the user to run 'npm install -g clawstore' (a global npm install). The skill metadata declared no required binaries, which is inconsistent: npm (and the installed CLI) are implicit requirements but not declared. Installing arbitrary third-party packages globally is a moderately high-risk operation if the package or its maintainer is untrusted; the SKILL.md provides no verified source link or guidance for vetting the npm package or its publisher.
- Credentials (ok): The skill declares no required env vars or primary credential. The SKILL.md relies on a browser-based GitHub OAuth login for publishing, which is a proportional and typical requirement for a publish flow and does not request hidden environment secrets. It does note that authentication persists across sessions, which is expected, but users should be aware of it.
- Persistence & Privilege (ok): The skill is user-invocable, not always-on, and does not request system-wide configuration changes in its instructions. The only persistence mentioned is the CLI's authentication persistence across sessions (normal for a publish workflow).
