Skill v1.0.0

ClawScan security

Strategy Consultant Package · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 5:40 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill mostly matches its stated consulting purpose, but several metadata and runtime inconsistencies (an undeclared Brave API credential plus gateway config edits, mismatched owner/version metadata, and an expert library that attributes opinions to real, named people) warrant caution before installing it or providing secrets.
Guidance
This package appears to be a legitimate strategy/consulting toolkit, but there are several red flags you should resolve before installing or supplying credentials:

1) BRAVE_API_KEY is referenced in docs (and used by the Brave integration examples) but the skill metadata does not declare any required environment variables. Ask the author to explicitly declare BRAVE_API_KEY (and any other secrets) in requires.env before providing keys.

2) The docs instruct editing ~/.openclaw/gateway/config.yaml or running openclaw configure to store the API key. Editing gateway config grants the skill platform-wide access if the gateway is shared; only do this after you trust the skill source. Prefer setting credentials in a per-project environment rather than a global gateway if possible.

3) Metadata inconsistencies: _meta.json, SKILL.md versions, and the owner IDs differ across files. Confirm the authoritative source (publisher) and that the package hasn't been tampered with.

4) The expert library includes many high-profile real people presented as 'expert opinions'. This is a content/impersonation risk (not a technical exploit). Decide whether you are comfortable using generated/summarized opinions attributed to public figures.

5) Because the skill can be invoked autonomously by agents (the normal default), avoid giving it sensitive keys until the above are clarified. If you must test it, run in an isolated/non-production environment and use a throwaway Brave API key or restrict network access.

Request clarifications from the publisher: explicit required env vars, why gateway config edits are needed, confirmation of owner/publisher identity, and a signed/versioned manifest. If they cannot provide clear answers, treat the skill as untrusted and do not supply real API keys or modify global gateway configs.

Review Dimensions

Purpose & Capability: note
The skill's files, templates and tools align with a strategy-consultant purpose (market research, templates, expert library). However, documentation and code reference Brave Search integration and gateway configuration while the registry metadata declares no required environment variables or config paths. That mismatch is unexpected and should be justified.
Instruction Scope: concern
SKILL.md and docs instruct the agent to run searches, write output files into workspace directories (e.g., 00-work/interview/workshop/, reports/), and configure Brave API access in environment variables or the OpenClaw gateway config. Those instructions do not themselves exfiltrate data, but they direct edits to user/system config files (~/.openclaw/gateway/config.yaml) and rely on environment variables that the registry did not declare.
Install Mechanism: ok
No install spec; only an instruction-only workflow plus a small helper script (tools/brave_search.py). Nothing is downloaded from external URLs or written to system paths by an installer. This is the lower-risk install model.
Credentials: concern
The docs and the Brave setup guide instruct users to provide BRAVE_API_KEY (as an env var or in gateway config), but the skill metadata lists no required env vars or primary credential. That mismatch means the skill may expect secrets but does not declare them, which prevents automated vetting and increases risk if users supply secrets without realizing which skill will use them. The README also references a particular workspace path for auto-loading that is not declared in the required config paths.
Persistence & Privilege: ok
The skill is not marked always:true and does not request elevated platform privileges in its metadata. It instructs writing outputs into project/workspace directories (expected for a document/reporting skill) and does include guidance to edit the OpenClaw gateway config; that action requires user consent and is not performed automatically by an installer.