Skill v1.0.2

ClawScan security

Oc Self Update · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 2:47 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements and instructions are coherent with a self-update helper for an npm-distributed OpenClaw package; nothing requested appears disproportionate or malicious.
Guidance
This skill is coherent for updating an npm package, but before installing consider: (1) the package's source/homepage is not provided here — confirm you trust the openclaw npm package and publisher; (2) npm install -g may require elevated privileges (sudo) and will run any install scripts published with the package — only proceed if you trust the registry package; (3) the skill expects a "configured channel" but doesn't show where it's stored — be prepared to ask the agent which channel to use; (4) the included check script is small and readable, but network or npm registry failures will make it report errors; (5) require explicit user confirmation before performing updates (the SKILL.md already instructs this). If you need stronger assurance, verify the openclaw package page on the npm registry and its maintainer before allowing updates.

Review Dimensions

Purpose & Capability
note: Name/description match the actions: checking npm and installing openclaw@<channel>. The only minor gaps: the skill metadata/source/homepage are missing (source: unknown, homepage: none) and SKILL.md references a "user-configured" channel without showing where that config is stored. These are usability/documentation issues, not evidence of misbehavior.
Instruction Scope
ok: Instructions are limited to running the included check_update.sh (which calls npm list/npm show) and then running npm install -g openclaw@<channel> after user confirmation. The SKILL.md explicitly requires confirmation before updating and tells the agent not to restart automatically. The script does not read unrelated files or environment variables.
Install Mechanism
note: There is no install spec (instruction-only) and the provided script is small and readable. The update mechanism uses npm install -g, which is expected for an npm-distributed package but does execute package install scripts from the npm registry — normal for this use case but something to be aware of.
Credentials
ok: The skill requires only the npm binary and declares no environment variables, credentials, or config paths. That is proportionate to a tool that checks and installs an npm package.
Persistence & Privilege
ok: The always setting is false and the skill does not request persistent/global agent privileges. It does not modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but not by itself a red flag here.