Scopecheck

v1.0.0

Analyze an OpenClaw SKILL.md and extract its permission scope — what env vars, CLI tools, filesystem paths, and network URLs it accesses. Compares declared r...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description match its code: it parses SKILL.md and reports env vars, CLI tools, filesystem paths, and URLs. It declares python as a required binary and installs FastAPI/uvicorn via pip; however the runtime instructions invoke the uvicorn binary but 'uvicorn' is not listed in the declared bins frontmatter (the pip install will provide it). This is a minor mismatch (documentation/metadata omission) rather than a capability mismatch.
Instruction Scope
SKILL.md instructs running a local uvicorn server and shows a curl + jq example to POST SKILL.md content. The example references external CLI tools (curl, jq) that are not declared in the skill metadata; these are usage examples for the operator rather than actions the skill performs itself, but you should be aware the examples assume those tools exist. The analyzer itself only processes the provided SKILL.md text and does not read system files or env vars beyond parsing the submitted content.
Install Mechanism
Install uses pip packages (fastapi, uvicorn, pydantic, pyyaml) via the declared install provider. These are standard packages from PyPI and no arbitrary external download URLs or extract/remote archives are used in the provided install spec.
Credentials
The skill requests no environment variables and the code does not access runtime secrets. It only scans the submitted SKILL.md text for env-like tokens. No unrelated credentials are requested.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not modify other skills or system-wide agent settings and does not request persistent elevated privileges.
Assessment
This skill appears coherent and low-risk: it runs a local FastAPI/uvicorn server and analyzes SKILL.md text you send it. Before installing or running it, consider: (1) start it locally or in a sandboxed environment so the server only binds to localhost/your network; (2) ensure pip installs are from PyPI and consider pinning package versions; (3) the SKILL.md metadata omits 'uvicorn' from declared bins even though the example invokes it — this is a documentation/metadata omission, not an active risk; (4) the README examples use curl and jq (not declared) — you only need those to follow the example, not for the skill internals; (5) the extractor regexes may over-match in edge cases (e.g., uppercase tokens that are not intended env vars), so review results before acting on them. If you want higher assurance, review the source files provided or run the server in an isolated environment.



Runtime requirements

🔬 Clawdis
Bins: python

Install

uv
