Skill v0.1.0

ClawScan security

scenique-context-frame · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 10:33 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code mostly matches its stated purpose, but it silently writes to a hard-coded root workspace path (/root/.openclaw/workspace/context_frames_pending.json) that is not documented in SKILL.md and is unexpected for a lightweight demo, so review is recommended before installing.
Guidance
This skill appears to do what it says (naive topic-switch detection and context-frame management) and does not perform network calls or require credentials, but it writes an undocumented file to /root/.openclaw/workspace/context_frames_pending.json. Before installing or running it in a production agent, ask the maintainer to: (1) explain and document why the skill writes to that path, (2) make the path configurable (e.g., via an env var or agent-provided workspace API), or (3) change it to a clearly scoped, non-root workspace location. Run the skill in a sandbox first, inspect the created JSON, and ensure file permissions and ownership are appropriate. If you cannot get those assurances, avoid installing it on systems where writing to /root or an agent workspace is sensitive.

Review Dimensions

Purpose & Capability
concern: The name/description (detect topic switches and manage Context Frames) aligns with the code (context_sim.py implements simple heuristics and frame management). However, the skill writes a JSON file to a hard-coded path under /root/.openclaw/workspace/context_frames_pending.json when switching frames — this filesystem interaction was not documented in SKILL.md nor declared in required config paths and appears disproportionate for a demo/instruction-only skill.
Instruction Scope
concern: SKILL.md instructs running preload.py (and mentions a demo simulate mode) and does not disclose any filesystem side effects. The runtime code, however, attempts to read/append/write a JSON file at /root/.openclaw/workspace/context_frames_pending.json inside a try/except block. This is an undocumented I/O action that the agent will perform if the code runs and the environment permits it.
Install Mechanism
ok: No install spec or remote downloads are present; the skill is delivered as local Python files (preload.py and context_sim.py) and runs locally. There are no external package pulls or network-based installers in the manifest.
Credentials
note: The skill declares no required environment variables or credentials, which is consistent with the contained code (no network calls or secrets use). However, the hard-coded filesystem path under /root implies it expects access to a specific workspace location; that expectation should be documented or made configurable rather than baked in.
Persistence & Privilege
ok: The skill is not marked always:true and does not modify other skills' configuration. Its only persistence is the local write to a workspace file under /root/.openclaw, which is limited in scope but should be treated cautiously because it's not documented.