Skill v0.1.0

ClawScan security

System Health Check · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Feb 21, 2026, 5:58 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (a read-only system health validator) mostly fits the resources it asks for, but there are several internal inconsistencies around required tools and whether it actually writes data that make the package suspicious without further clarification.
Guidance
Before installing or enabling this skill, ask the maintainer to clarify the contradictions: (1) does the tool truly run read-only, or will it create reports/log entries under OPENCLAW_DATA_DIR (which implies writes)? (2) why does EVALS.json expect 'curl' while the skill metadata does not list curl as required? (3) what exactly do the 'encryption' and 'integrity' checks read or require (any secrets or privileged access)? If you plan to run it, test in a non-production environment first, inspect what files it actually creates when run with different flags (especially --save-report), and ensure your agent's ability to auto-invoke the skill is constrained if you do not want automated writes to your data directory.

Review Dimensions

Purpose & Capability
note
Name/description (system health validator for OpenClaw) align with requiring openclaw, jq, and OPENCLAW_DATA_DIR. openssl for hash checks is reasonable. However, the EVALS.json expectations mention verifying 'curl' is installed while the declared required binaries do not include curl, and counts for expected skill/EVAL files are inconsistent (expected_count:20 vs narrative '19 operational skills + canonical map'). These mismatches are minor but unexplained.
Instruction Scope
concern
SKILL.md repeatedly claims 'read-only' and 'never modifies any data' but also documents features that write or log data: --save-report (writes to /data/reports/system/), EVALS expectations that failures are logged to /data/memory/failures/, and example remediation advice that implies state changes by operators. The instructions direct reading of many sensitive paths under $OPENCLAW_DATA_DIR (expected), but the read-only promise conflicts with documented report/log writing and is not reconciled in the documentation. The 'encryption status' and 'integrity' checks are underspecified (unclear if they require keys or privileged reads).
Install Mechanism
ok
Instruction-only skill with no install spec or code files — lowest install risk. Nothing is downloaded or extracted by the skill itself.
Credentials
note
Only OPENCLAW_DATA_DIR and availability of jq/openssl/openclaw are required — this is proportionate for a health-checker that scans the OpenClaw data tree. No secrets or unrelated credentials are requested. Minor discrepancy: EVALS.json expects curl to be verified but curl is not declared as required.
Persistence & Privilege
concern
The skill is not forced-always and is user-invocable (normal). However, the documentation implies it can write reports/logs under $OPENCLAW_DATA_DIR (e.g., --save-report and logging failures), contradicting the 'read-only' promise. If allowed to run autonomously by the agent, that write behavior could create data the user did not expect. Clarification is needed about what the skill will write by default and whether any writes require explicit flags or elevated permissions.