Skill v1.0.1
ClawScan security
Live Sessions Dashboard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 3, 2026, 7:05 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is mostly coherent with its stated purpose (local OpenClaw CLI dashboard) but has a few mismatches and minor surprises (doc/flag/env var inconsistencies and optional log tailing that could surface sensitive data) that you should understand before installing.
- Guidance
- This skill appears to do what it says: it queries your local OpenClaw CLI to produce a live terminal and HTML dashboard. Before installing or running it:
  - Verify the `openclaw` binary on PATH is the expected official CLI (subprocess calls execute that binary). Run the scripts on a host that is allowed to read your gateway.
  - Be cautious with the log subscription: tailing `openclaw logs --follow` can surface prompts, tool args, or secrets (the code only extracts sessionId and does not persist raw log messages, but logs may still appear in process memory). If you are unsure, run with the `--no-subscribe` flag or run on a host without log access. Note: the SKILL.md suggests an AGENT_MONITOR_NO_SUBSCRIBE env var, but the scripts do not actually read that variable — you must pass `--no-subscribe` on the CLI.
  - If you publish the generated HTML to a remote or public location, be aware it contains internal session identifiers, counts, token/cost estimates, model names, and timestamps; treat it as internal information.
  - The package has no homepage and unknown owner; if you need strong assurance, review the full scripts locally (they are included) and test in a non-production environment.
  - If you want a cleaner bill-of-materials from the author, ask them to: (1) either implement respect for AGENT_MONITOR_NO_SUBSCRIBE or remove that doc line, (2) document the exact behavior when `openclaw` errors, and (3) sign or publish a homepage/source repo so you can confirm provenance.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the implementation: both Python scripts call the local `openclaw` CLI to fetch sessions and optionally tail logs, and they generate a CLI view and an HTML snapshot as described. No unrelated services, binaries, or credentials are requested.
- Instruction Scope
- note: SKILL.md instructs running the included scripts, which only call `openclaw sessions` and (optionally) `openclaw logs --follow`. The documentation warns that logs can contain prompts, secrets, or PII and suggests poll-only mode if you want to avoid log content — the scripts do not print or persist raw logs. This is within scope, but the README claims an env var to force poll-only everywhere (AGENT_MONITOR_NO_SUBSCRIBE) and describes a `--subscribe` override; the CLI actually implements a `--no-subscribe` flag and does not read AGENT_MONITOR_NO_SUBSCRIBE, so docs and runtime flags are inconsistent.
- Install Mechanism
- ok: No install spec — instruction-only with bundled Python scripts. Nothing is downloaded from external URLs or written to system locations beyond the skill directory and the generated HTML file. This is the lower-risk install model.
- Credentials
- note: The skill requires no credentials and only optionally reads AGENT_MONITOR_COST_PER_1K for cost display (implemented). The SKILL.md mentions AGENT_MONITOR_NO_SUBSCRIBE to force poll-only, but the scripts do not read that env var (they use a CLI flag instead). No other secrets/keys are requested.
- Persistence & Privilege
- ok: `always` is false, the skill does not request permanent system-wide presence, and it only writes the HTML snapshot file into its asset path. It does not modify other skills or agent-wide config.
