Skillv1.1.2

ClawScan security

GigaChat (Sber AI) Proxy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 6, 2026, 1:41 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, env requirements, and install steps are coherent with its stated purpose (running a local gpt2giga proxy to connect OpenClaw to Sber GigaChat); nothing in the package appears to request unrelated credentials or perform unexpected network exfiltration.
Guidance: This skill appears to do what it claims, but before installing: (1) review the gpt2giga package on PyPI/GitHub to ensure you trust it (pip install will run third‑party code); (2) store your CLIENT_ID/CLIENT_SECRET carefully (the skill uses a base64-encoded GIGACHAT_CREDENTIALS in a file—use chmod 600 and keep it in your home directory); (3) check ~/.openclaw/gpt2giga.log after startup for any sensitive output (tokens might appear in logs depending on upstream library behavior); (4) back up your openclaw.json before running the patch script (the script does create a .bak but verify contents); (5) consider running the proxy on an isolated user account or container if you want extra separation; and (6) install the Sber root CA to enable SSL verification as suggested to avoid running with TLS verification disabled.

Review Dimensions

Purpose & Capability: okName/description, required binaries (python3, curl), required env vars (GIGACHAT_CREDENTIALS, GIGACHAT_SCOPE), and the packaged scripts all align with running a local gpt2giga proxy and patching OpenClaw config. The primary credential and declared config paths match the described workflow.
Instruction Scope: okSKILL.md and included scripts limit actions to: loading the local env file, starting/stopping a local gpt2giga process, backing up and patching the OpenClaw config, and checking process/port status. Scripts source a user-local env file and may be influenced by optional env overrides (GIGACHAT_ENV_FILE, OPENCLAW_CONFIG) but do not reference or exfiltrate other system secrets or remote endpoints beyond the expected Sber API via gpt2giga.
Install Mechanism: noteInstallation is via pip (scripts/setup.sh: pip3 install gpt2giga) / declared uv package 'gpt2giga'. This is expected for a Python proxy but carries the usual PyPI risk (installing third-party package code). There are no downloads from unknown URLs or archive extracts in the skill itself.
Credentials: okOnly GIGACHAT_CREDENTIALS and GIGACHAT_SCOPE are required, which is proportionate for an OAuth-based proxy. The skill advises storing credentials in a local env file and exporting them; those files are sensitive and should be permissioned (the skill itself recommends chmod 600). Note: scripts export additional non-secret env flags (GIGACHAT_VERIFY_SSL_CERTS, GPT2GIGA_HOST/PORT) and write logs to ~/.openclaw/gpt2giga.log which could contain diagnostic info.
Persistence & Privilege: okSkill is not always-enabled and is user-invocable. It writes its own PID/log files under the user's ~/.openclaw directory and can patch the user's OpenClaw config (intentional for its purpose). It does not request system-wide privileges or modify other skills' credentials.