Skill v1.4.2
ClawScan security
Skilled OpenClaw Advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 9:15 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill does what it says: it builds and queries a local SQLite FTS5 index of OpenClaw docs and only accesses local files and the OpenClaw CLI; no external network endpoints or secret exfiltration are requested.
- Guidance
- This skill appears to be internally consistent and does what it claims: build and query a local index of your OpenClaw docs. Before installing, consider: (1) the build script may call 'npm' and 'which' to locate the docs — ensure those binaries are present and trustworthy on your PATH (this is an operational omission, not malicious); (2) the indexer will read all markdown files under the detected docs path, so if your OpenClaw docs directory contains private information you do not want indexed, do not run the build; (3) the skill writes files under ~/.openclaw/skills-data/skilled-openclaw-advisor/, so review or relocate that directory if you have storage/policy concerns; (4) the update script can call 'openclaw message' to send local notifications — no network calls are made by the skill, but you may prefer to run updates manually or inspect the diff output first. If you want higher assurance, inspect the three included Python scripts on your machine before running build_index.py.
Review Dimensions
- Purpose & Capability
- ok · Name/description match the code and runtime needs: the scripts scan local OpenClaw docs, build a local FTS5 index, and query it. Declared required binaries (python3, openclaw) are appropriate for the stated purpose. A minor omission: the index-builder optionally calls 'npm' and 'which' to detect docs (and uses the npm global path fallback), but 'npm' is not listed in the declared required binaries. This is an operational/packaging omission rather than a malicious mismatch.
- Instruction Scope
- ok · SKILL.md and the scripts confine activity to the local machine: they read the OpenClaw docs directory, read the optional openclaw.json config, and write runtime data under ~/.openclaw/skills-data/skilled-openclaw-advisor/. The update script may call the OpenClaw CLI (openclaw message) to post a local notification; no direct network calls are made by the code. The scripts will index whatever markdown files exist in the docs path (including private/local docs) — expected for this skill but worth noting.
- Install Mechanism
- ok · This is instruction-only with included scripts (no external downloads). The metadata includes an exec install step that runs the local build_index.py script. The code uses only the Python stdlib and spawns local binaries; there are no network-based installers, remote archives, or third-party package pulls performed by the skill itself.
- Credentials
- ok · The skill declares no required environment variables or credentials and does not attempt to access secrets. It reads ~/.openclaw/openclaw.json (documented optional config) and the local docs directory. No unrelated credentials or external service keys are requested. The only notable point: it invokes system tools (npm, which, openclaw) via subprocess; these are normal for locating local installs but were not all listed in the declared binaries.
- Persistence & Privilege
- ok · The skill stores its data under ~/.openclaw/skills-data/skilled-openclaw-advisor/ (state.json, index.db, diffs, versions), consistent with the documented convention. It does not request always:true or attempt to modify other skills' configs. Autonomous invocation is allowed by default (platform standard) but does not combine with broad credential access here.
