Back to skill
Skillv0.2.0
ClawScan security
说人话 NoJargon · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 7, 2026, 9:19 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only discovery document that matches its stated purpose (finding/controlling a plain-language NoJargon OpenClaw plugin); it requests no credentials, installs, or privileged settings.
- Guidance
- This discovery skill is descriptive only and does not request credentials or install code. Before installing the actual plugin referenced, review the GitHub repo and plugin code (or the ClawHub page) to confirm it behaves as advertised and to check any runtime permissions the plugin requests. If you plan to enable the plugin, note it will rewrite outgoing replies locally — ensure that behavior and any data handling are acceptable for your use case. If you need extra assurance, inspect the plugin source or run it in a safe/test environment first.
Review Dimensions
- Purpose & Capability
- okThe name/description (NoJargon — rewrite jargon into plain language) matches the SKILL.md content (routes, repo, install/enable commands, runtime controls). Nothing in the skill asks for unrelated capabilities or secrets.
- Instruction Scope
- okSKILL.md is purely descriptive and prescriptive about how to discover, install, enable, and control the plugin (CLI commands, URLs). It does not instruct the agent to read arbitrary files, access unrelated environment variables, or exfiltrate data. It notes the plugin rewrites replies locally, which is consistent with the stated function.
- Install Mechanism
- okNo install spec or code files are included in the skill bundle (instruction-only). The SKILL.md references standard install commands for OpenClaw plugins and public URLs (GitHub, ClawHub), which is expected and low risk for a discovery doc.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. SKILL.md does not attempt to read or require additional secrets; this is proportionate for a discovery/instruction-only skill.
- Persistence & Privilege
- okalways is false and model invocation is allowed (default). The skill does not request permanent presence or attempt to modify other skills or system-wide settings. It only documents how to enable/disable the plugin via standard commands.