Skillv2.1.3

ClawScan security

guard-dog · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 17, 2026, 5:41 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requested file access and instructions match its stated purpose as a local 'guard' that enforces an authorization code check; it is an instruction-only skill that does not request unrelated credentials, network access, or privileged persistence.
Guidance: This skill is internally consistent with its purpose: it stores a salted SHA-256 hash in ~/.openclaw/.guard-dog-vault and instructs the agent to verify user-supplied codes without ever echoing them. Before installing, confirm your OpenClaw runtime/platform actually: (1) prevents logging of sensitive user inputs and conversation history, (2) allows the agent to read/write the vault file with 600 permissions, and (3) provides the memory-isolation behavior the skill assumes (secure clearing of plaintext in RAM). If your platform logs conversations or cannot guarantee in-memory wiping, consider running the skill in a sandboxed/trusted environment or decline to use it. Also be cautious when following the README backup/restore examples — make sure backups are stored securely (encrypted and chmod 600).

Review Dimensions

Purpose & Capability: okName/description (an AI 'guard' that intercepts risky operations) aligns with the actual behavior: it expects to store and verify a local authorization code hash in ~/.openclaw/.guard-dog-vault and to intercept certain classes of operations. There are no unrelated environment variables, binaries, or external endpoints requested.
Instruction Scope: noteSKILL.md instructs the agent to read/write the specified vault file, compute/compare SHA-256+salt hashes, and never reveal or log the plaintext code. This is coherent with its purpose, but several safeguards depend on the runtime/platform (memory wiping, not logging conversation history). The skill assumes the runtime will support secure memory handling and non-logging — if the platform does not provide those guarantees, confidentiality could be at risk. The README includes backup/restore commands which are user actions and not automatic exfiltration.
Install Mechanism: okInstruction-only skill with no install spec and no code files to execute; lowest install risk. No downloads, no external packages, and no URLs used for installing code.
Credentials: okThe only requested resource is a local hidden vault file (and optional state file) under ~/.openclaw/, with read/write capability declared in metadata. That is proportionate to a local authorization/guarding function. It does not request unrelated credentials, network tokens, or wide filesystem access.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does declare file paths it will use for its own state (vault and optional state file) which is reasonable. It does not request elevated system-wide privileges or modify other skills' configurations.