Skill v1.0.0
ClawScan security
Liudao Heritage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 4:04 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (search/manage a local SQLite heritage DB) is plausible, but the provided package is incomplete and the runtime instructions rely on hard-coded host paths and missing modules—inspect the missing components before trusting or running it.
- Guidance: Do not run these scripts or install the skill until you verify the missing modules and the database. Specifically:
  1. Ask for or inspect the source of relation_engine.py and db_manager.py (they control DB reads/writes and privacy enforcement).
  2. Confirm the DB path (/home/admin/.openclaw/workspace/liudao-bot/data/liudao.db) is the intended local file and contains only expected records.
  3. Review db_manager.upsert_person and any network or file-I/O code to ensure there is no silent exfiltration or unexpected writes.
  4. If you must test, do so in an isolated environment (non-production user, VM or container) with no sensitive data and monitor outbound connections.
  5. If the skill is expected to be self-contained, request the missing files from the publisher; the current bundle is incomplete and therefore risky to run as-is.
Review Dimensions
- Purpose & Capability (note): Name and description match the included search and relation scripts and the DB schema (local SQLite). However, the scripts import db_manager and relation_engine modules that are not included in the bundle/manifest, which is inconsistent with the SKILL.md claim to provide 'full source of all included files'. This could mean the skill expects an existing workspace environment; either way it is an important omission.
- Instruction Scope (concern): SKILL.md directs running Python scripts that change working directories to /home/admin/.openclaw/workspace and operate against a hard-coded DB path under /home/admin/.openclaw/workspace/liudao-bot/data/liudao.db. The scripts append the bot directory to sys.path and import other modules (db_manager, relation_engine) not provided. Because the code manipulates cwd and imports modules from a host workspace, it can access any files under that workspace at runtime — the instructions give the agent broad filesystem reach beyond just a single DB file. The upsert/edit workflow references db_manager.upsert_person without showing its implementation, so write/modify behavior is unknown.
- Install Mechanism (ok): There is no install spec (instruction-only plus two scripts). No external downloads or package installs are requested in the bundle, which reduces installer risk. The remaining risk is runtime: the scripts expect other modules and a DB already present on the host.
- Credentials (note): The skill requests no environment variables or external credentials, which is proportionate to a local-DB heritage manager. However, it uses a hard-coded absolute path under /home/admin/.openclaw/workspace and suggests passing a 'viewer_id' (example looks like a Telegram ID) for privacy checks — you should verify that the code enforcing privacy is present and correct (db_manager and relation_engine), since those modules are missing from the bundle.
- Persistence & Privilege (ok): always is false and there's no install routine that would grant the skill persistent system-wide privileges. It does, however, run Python scripts that change cwd and import modules from the host workspace, so its runtime scope is as broad as the workspace contents, but it does not request persistent agent-level privileges in the manifest.
