Skill v1.0.2
ClawScan security
Context Cleaner (.md cleanup) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 2:17 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions align with its stated purpose (editing workspace Markdown files to reduce tokens); it is an instruction-only tool that operates on user workspace files and does not request unrelated credentials or installs.
- Guidance: This skill is internally consistent with its purpose, but review and proceed cautiously:
  1. Verify the workspace path (/home/[USER]/.openclaw/workspace) matches your environment before running.
  2. Always inspect the produced backup tar (location reported by the skill) and confirm the before/after diffs before accepting changes.
  3. Be especially cautious if you run the 'main workspace' optimization: it can change core files (SOUL.md, AGENTS.md, etc.); only proceed after explicit confirmation.
  4. Clarify how the skill handles IDs/placeholders (Discord/Notion) to avoid breaking integrations; test on a copy or non-production agent first.
  5. If you allow the agent to run skills autonomously, restrict or monitor operations that target all agents or core files.

  If you want, request the author add a configurable workspace path and an explicit dry-run mode to improve safety.
Review Dimensions
- Purpose & Capability (ok): Name/description (context cleanup, token reduction, backups/rollback) match the instructions: the SKILL.md only reads and writes .md files under an OpenClaw workspace and creates tar backups. There are no unrelated credentials, binaries, or installs requested.
- Instruction Scope (note): Instructions explicitly operate on /home/[USER]/.openclaw/workspace and detail safe operations (timestamped backups, preview/diff, rollback). Minor issues: path is hardcoded to /home/[USER] which may not match every environment, and some template wording (e.g., 'Preserve: Discord channel IDs (replace with [DISCORD_CHANNEL_ID] placeholder)') is ambiguous about whether secrets are removed or preserved. Otherwise the steps stay within the stated purpose and don't instruct network exfiltration or access to unrelated system areas.
- Install Mechanism (ok): No install spec and no code files; the skill is instruction-only. This minimizes risk because nothing is downloaded or written to disk by the skill bundle itself beyond what the agent is instructed to do at runtime.
- Credentials (ok): The skill requires no environment variables, no credentials, and no special config paths beyond the workspace files it claims to modify. Requested access is proportional to the task of editing agent workspace files.
- Persistence & Privilege (note): always:false (normal) and the skill is user-invocable. The SKILL.md permits operations across all agents and main workspace files (with an explicit confirmation step), so users should be careful when authorizing 'all agents' or 'main workspace' scopes. Autonomous invocation is allowed by platform default but is not a red flag here by itself.
