Skill v1.9.0
ClawScan security
OpenClaw DX · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 14, 2026, 4:27 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are largely coherent for diagnosing an OpenClaw gateway, but it reads sensitive local auth files and an environment variable not declared in the metadata and makes an unexplained claim about writing reports — these mismatches warrant caution.
- Guidance: This skill appears to be a legitimate diagnostic playbook, but it reads sensitive local files and an environment variable that are not declared in the registry metadata. Before installing or allowing autonomous use:
  1. Confirm you trust the skill's source (an owner ID is present, but no homepage).
  2. Back up ~/.openclaw and related files.
  3. Ask the publisher to explicitly declare OPENCLAW_GATEWAY_TOKEN and any credential files the skill reads.
  4. If you plan to let the agent run autonomously, ensure outputs (logs, tokens) won't be transmitted off-host; consider running the steps manually or in a controlled environment first.
  5. Request clarification or an explicit command that writes the incident report to ~/clawd/inbox (or have the claim removed) so the behavior is transparent.
Review Dimensions
- Purpose & Capability (note): The skill's name and description (gateway diagnosis and remediation) match the commands and fixes in SKILL.md (log tails, lsof/ps, the openclaw CLI, config edits). Minor inconsistency: the header claims it 'writes incident report to ~/clawd/inbox', but the provided runtime instructions do not show any explicit command that creates or writes that report.
- Instruction Scope (concern): Instructions direct the agent/operator to read multiple user config and credential files (~/.openclaw/*, ~/.openclaw-vesper/*), tail logs, inspect auth-profiles.json (tokens/expiry), and echo the OPENCLAW_GATEWAY_TOKEN env var. Those operations are functionally appropriate for debugging but are sensitive and are not explicitly limited (e.g., no guidance on redaction or safe handling). The instructions also include editing configs and running interactive re-auth — normal for troubleshooting, but high-sensitivity actions.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing is written to disk or fetched during install, which reduces technical risk.
- Credentials (concern): Metadata declares no required env vars or credentials, yet the instructions explicitly read OPENCLAW_GATEWAY_TOKEN and the local auth-profiles.json (which contains access tokens and refresh tokens). The skill therefore accesses sensitive secrets without declaring them in requires.env/primaryEnv; this discrepancy should be justified or corrected.
- Persistence & Privilege (ok): The always flag is false, and there are no install-time changes or claims to modify other skills or global agent settings. The skill asks the operator to edit local config files as part of remediation, which is expected for this purpose.
