Skillv1.0.0

ClawScan security

Agent Scout · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 10, 2026, 7:14 AM

Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The instructions coherently describe creating a proactive research agent, but they omit and implicitly require sensitive credentials (Telegram bot token, Brave Search API key, OpenAI creds), request broad tool/session permissions, and hard-code a root workspace path—these mismatches warrant caution.
Guidance: This SKILL.md is plausible for creating a research agent, but it omits critical details and requests broad runtime capabilities. Before installing or running these commands: (1) Confirm and provision only the minimum credentials needed (Telegram BOT_TOKEN, Brave Search key, OpenAI key) and limit their scope and rotation; (2) Avoid using /root/.openclaw/workspace — choose a non-root workspace or explain why root is needed; (3) Review and approve the agent's tool permissions (web_fetch/web_search/memory) and inter-agent session targets (e.g., agent:lourens:main) so it cannot exfiltrate data or message other agents unexpectedly; (4) Add explicit declarations for required environment variables and any secrets in the skill metadata so you can audit them; and (5) If you cannot verify who controls Lourens or the referenced skills, do not enable sessions_send or cross-agent allowances until validated.

Review Dimensions

Purpose & Capability: noteThe skill's name/description (creating a research assistant with Telegram and research tools) matches the configuration steps provided. However, the SKILL.md expects external credentials and services (Telegram bot token, Brave Search API key, OpenAI as a memory provider) while the registry metadata declares no required env vars or credentials; the workspace path is set to /root/.openclaw/workspace which implies elevated or system-level access that is not explained.
Instruction Scope: concernInstructions direct the operator to set tokens and enable broad capabilities: web_search, web_fetch, memory_search (provider=openai), sessions_send and inter-agent sessions with agent:lourens:main. They reference verifying Brave Search API keys and bot tokens, and configure an allowlist. While these are relevant to a research agent, the instructions also hard-code system paths and grant inter-agent messaging and skill-provisioning privileges without listing the required credentials explicitly, increasing the chance of misconfiguration or unintended data access/exfiltration.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That lowers supply-chain risk.
Credentials: concernRegistry metadata declares no required env vars, yet the instructions clearly require at least a Telegram BOT_TOKEN, potentially a Brave Search API key, and OpenAI credentials for memorySearch.provider. That mismatch is disproportionate: sensitive credentials are needed but not declared, and there is no guidance about scoping or limiting those credentials.
Persistence & Privilege: noteThe skill does not request always:true and is user-invocable (normal). However it instructs enabling sessions_send and allowing specific inter-agent sessions (agent:lourens:main), which grants the agent the ability to message other agents; this is consistent with the stated collaboration goal but increases blast radius if misconfigured.