Skill v1.0.0
ClawScan security
agent-init · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 13, 2026, 6:06 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose and instructions mostly match (generating and writing agent workspace MD files), but it proposes downloading and running an external install script (curl | sh from astral.sh) and contains a couple of odd local-permission traces; those installation/network actions are disproportionate and deserve review before use.
- Guidance: This skill otherwise appears coherent for creating and updating OpenClaw workspace files, but stop and review before running any automatic installer. The included script suggests installing 'uv' via piping a script from https://astral.sh/install.sh; downloading and running shell scripts from an unknown domain is risky. Before using the skill: (1) inspect the install script at the URL yourself (do not pipe blindly to sh); (2) prefer installing 'uv' via your OS/package manager or a verified release if available; (3) run the check-env script in a safe/test environment or container first; (4) back up existing AGENTS.md/SOUL.md/etc. and confirm the skill won't overwrite critical sections (SKILL.md instructs to extend, not replace; follow that); (5) confirm the container and workspace paths are correct for your instance; and (6) avoid putting secrets into generated workspace MD files because they are injected into prompts every turn.
Review Dimensions
- Purpose & Capability (ok): Name, description, and included templates/scripts align with the stated goal of initializing OpenClaw workspace MD files. The files (SKILL.md, templates, workspace guide) and the check-env script are coherent for generating and writing agent workspace files.
- Instruction Scope (note): Runtime instructions are focused on interviewing the user, checking the environment, and showing/writing workspace files to the host or container. They require reading the existing AGENTS.md and other workspace files and running docker exec or file-write commands, as expected. The SKILL.md also instructs never to include secrets and to show generated content before writing, which is responsible. However, the instructions include an optional automatic install step that downloads and executes a script from a remote host (astral.sh), which expands the skill's scope to performing network installs on the target system.
- Install Mechanism (concern): There is no formal install spec, but scripts/check-env.sh uses curl -LsSf https://astral.sh/uv/install.sh | sh to install 'uv' when run with --install. Downloading and piping an arbitrary install script from an external personal/unknown domain is a high-risk install pattern because the script will be executed with shell privileges and there is no signature or checksum verification. The rest of the skill is instruction-only and writes files via cat/docker exec (expected).
- Credentials (ok): The skill does not request environment variables, credentials, or config paths beyond reading/writing workspace files. That is proportional to the described task. Minor oddity: .claude/settings.local.json contains a permission allowing a specific git ls-files command against a local path (/Users/clawdbot/.../data/skills/agent-init/), which looks like a leftover local test/permission entry but does not itself require new credentials.
- Persistence & Privilege (ok): 'always' is false and the skill does not claim to force-enable itself or modify other skills. It writes per-agent workspace files and uses container/host write methods as expected. No elevated persistent privileges are requested.
