Skill v1.0.0
ClawScan security self-check · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 17, 2026, 6:34 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (a non-destructive system self-check): it inspects OpenClaw workspace files, processes and runtimes and reports findings without installing anything or sending data externally.
- Guidance: This skill appears internally consistent with its purpose: it inspects local OpenClaw workspace files, processes and installed runtimes and only prints findings and suggested commands. Before running: (1) review the script yourself (it's included) to confirm it prints but does not exfiltrate secret values; (2) run it from an account with the least privilege needed (avoid running as root) to limit exposure; (3) inspect reported 'fix' commands before pasting them into a shell (they may include sudo/pip/npm operations); (4) because the package source is 'unknown', prefer running it in a test environment or container first if you have sensitive production data. If you want, I can point out exact lines in the script that read specific files/commands to make a more targeted risk review.
Review Dimensions
- Purpose & Capability (ok): Name/description (system self-check) aligns with required binaries (node, npm, nvm) and the script's behavior: checking Node/nvm, gateway, OpenClaw config, skills, and local workspace files. No unrelated credentials or cloud services are requested.
- Instruction Scope (note): SKILL.md and the Python script instruct the agent to run local read/inspection commands (pgrep, ss, readlink, node/npm, python3 -c import ...), parse SKILL.md and config files, and list presence/absence of tokens (without printing values). This is appropriate for a system audit, but the tool does access many local files and runs shell commands — review results before acting on suggested fix commands.
- Install Mechanism (ok): No install spec; the skill is instruction+script only. There are no downloads or archive extraction steps and no external installers invoked by the skill, minimizing installation risk.
- Credentials (note): The skill requests no environment variables or credentials. It reads local workspace/config files (e.g., openclaw.json, SKILL.md, agent files) to determine presence of API tokens and settings. This is proportional to a self-check, but that access can reveal metadata about local tokens and configuration — verify that outputs don't leak secret values and run with appropriate privileges.
- Persistence & Privilege (ok): 'always' is false; the skill is user-invoked. The script declares it will not modify files or auto-fix anything. It does not attempt to modify other skills or system settings.
