Skill v1.0.0
ClawScan security
Kiro Agent Chat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 8:30 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill does what it says — a simple JSON-file based inter-agent message queue — and its code and instructions are consistent with that purpose.
- Guidance: This skill is a simple file-based message queue and appears internally consistent. Before installing, verify the chat file path and set strict filesystem permissions so only intended agents/users can read/write it (sensitive data should not be stored in plaintext there). Note the metadata does not list the environment variables the scripts use (SENDER, RECEIVER, MESSAGE, MY_NAME) — be careful not to expose secrets via those env vars or in the shared file. The remote SSH examples require you to use your private key; do not share that key. Also be aware the scripts perform plain read/write without locking, so concurrent writes may corrupt the file; if you need robust or secure messaging across hosts, consider using an authenticated messaging service or add file-locking/encryption.
Review Dimensions
- Purpose & Capability (ok): Name/description match the included scripts and instructions. The three Python scripts implement writing, reading, and deleting messages in a shared JSON file and there are no unrelated binaries, cloud credentials, or unexpected external services requested.
- Instruction Scope (note): SKILL.md stays within the chat-file use case but relies on environment variables (SENDER, RECEIVER, MESSAGE, MY_NAME) and editing TOOLS.md without declaring them in metadata. Remote usage examples show using ssh with a private key path (~/.ssh/openclaw.pem) — this is expected for SSH-based operation but requires the user to supply and protect their SSH keys. The instructions do not attempt to read arbitrary local files or send data to external endpoints beyond the shared file/SSH examples.
- Install Mechanism (ok): There is no external install or download step; the skill is instruction+included scripts only. All code is present in the package and nothing is pulled from third-party URLs or installed from untrusted sources.
- Credentials (note): No required environment variables are declared in the registry metadata, but the runtime expects SENDER, RECEIVER, MESSAGE and MY_NAME environment variables. These are not sensitive by themselves, but the README examples reference using a private SSH key for remote execution — users must protect that key and avoid embedding secrets in the shared JSON. The skill does not request unrelated credentials.
- Persistence & Privilege (ok): always is false, the skill does not request persistent elevated privileges, and it does not modify other skills' configurations or system-wide settings.
