Skill v0.1.1
ClawScan security
Slap Detector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 11:58 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are internally coherent with its stated purpose (reacting to MacBook accelerometer events), but the MCP binary is unvetted and the example uses sudo — verify provenance and privileges before enabling.
- Guidance: This skill appears to do what it says (respond to accelerometer events) and doesn't request secrets, but exercise caution because the source/homepage are unknown and the example MCP invocation uses sudo. Before installing: (1) verify the provenance of the 'slap-your-openclaw' MCP binary and prefer running it without sudo or with least privilege; (2) confirm the MCP server isn't exfiltrating events or connecting to untrusted endpoints; (3) test in a controlled environment (or VM) first; (4) if you must run with elevated privileges, audit the binary or ask the provider for source/release artifacts. If you can't verify the MCP binary's origin, treat this as higher risk.
- Findings
[no_code_files] expected: Regex-based scanner had no code files to analyze; the skill is instruction-only (SKILL.md).
Review Dimensions
- Purpose & Capability (ok): The name, description, and the listed MCP tools (slap_status, slap_wait_for_event, slap_get_config, etc.) align with a sensor-reactive skill. No unrelated credentials, network endpoints, or system paths are requested.
- Instruction Scope (note): SKILL.md limits actions to interacting with an MCP-provided slap detector and responding with personality text. It does instruct blocking waits (slap_wait_for_event) and runtime config changes (slap_set_config). The example MCP config uses 'sudo' to invoke 'slap-your-openclaw', which elevates privilege and should be scrutinized; otherwise the instructions do not reference unrelated files or env vars.
- Install Mechanism (ok): There is no install spec and no code files (instruction-only), so nothing is written to disk by the skill itself. This minimizes install-time risk.
- Credentials (note): The skill requires no environment variables or credentials, which is proportionate. However, the MCP invocation example calls a system binary (via sudo in the example) to access hardware — hardware access often requires elevated privileges, so confirm you trust the MCP server binary and its need for sudo.
- Persistence & Privilege (ok): always:false and no requests to modify other skills or system-wide configs. The skill can be invoked autonomously (default), which is normal; this is not by itself a concern.
