Codex Owner Move Debug
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent with the right tools follows this instruction, it could create or transfer skill ownership in a persistent registry context.
This directs a high-impact registry operation, but the artifact does not specify user approval, exact test scope, safeguards, or rollback before performing the create-and-transfer workflow.
Create the skill under a personal owner, then move it to OpenClaw with explicit migration intent.
Only use this with explicit human approval, a clearly identified test skill, authorized owner accounts, and documented cleanup or rollback steps.
The agent may need account or organization-level authority to complete the migration.
The workflow implies use of both personal-owner and OpenClaw organization privileges. That is purpose-aligned, but users should verify the agent is authorized to act in both contexts.
under a personal owner, then move it to OpenClaw
Confirm which account and organization permissions are being used before allowing the workflow to run.
A user could overtrust the workflow as self-contained or reversible when cleanup is not actually described.
The text says the workflow includes explicit cleanup, but the actual procedure only describes creating and moving the skill, with no cleanup step.
with realistic text and explicit cleanup ... Create the skill under a personal owner, then move it to OpenClaw
Add explicit cleanup, rollback, and verification instructions, or remove the cleanup claim.