OpenClaw Blackbox
ReviewAudited by ClawScan on May 4, 2026.
Overview
This is a purpose-aligned debugging CLI, but it installs an npm binary and reads local OpenClaw run data that may contain sensitive prompts, tool results, URLs, and paths.
This skill appears coherent and purpose-aligned for debugging OpenClaw runs. Before installing, make sure you trust the @shan8851/blackbox npm package, because its code was not included in the submitted artifacts. When using it, remember that reports may contain sensitive local run details; review and redact them before sharing.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill means trusting the npm package that implements the blackbox command.
The skill depends on an external npm package that provides the executable CLI. This is expected for a CLI skill, but the package code was not included in the provided artifacts.
node | package: @shan8851/blackbox | creates binaries: blackbox
Install only if you trust the package publisher and source repository; consider reviewing the npm package or GitHub project before using it on sensitive OpenClaw state.
Generated reports or terminal output may reveal private task details, local file paths, URLs, or tool inputs/results if copied or shared.
The CLI is designed to read persisted local agent run evidence and produce reports that may contain sensitive prior prompts, tool data, and paths. This is purpose-aligned and disclosed, but users should handle the output carefully.
Requires local OpenClaw state; by default it reads `~/.openclaw` ... Reports can include prompts, tool arguments/results, URLs, and local paths; review before sharing externally
Inspect reports locally, avoid sharing full reports externally without redaction, and use explicit session IDs or scoped OPENCLAW_HOME values when possible.