Skill v1.5.0
ClawScan security
Truth Seeking Fact Check · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 31, 2026, 12:59 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its stated fact-checking purpose, but there are several inconsistencies (offline/privacy claims vs optional network calls, stray/unused dependencies, version metadata drift, and a background scheduler) that warrant caution before installation.
- Guidance: Things to check before installing or enabling this skill:
  - Privacy vs network use: The README/SKILL.md promises “100% local” processing, but the code supports optional network lookups (Brave Search via requests) when you configure a datasource. If you need guaranteed offline operation, do not configure external datasources and review the code path that calls requests.
  - Scheduler behavior: If you enable the scheduler, it spawns a background thread that will call check_text periodically and may call a user-provided callback. Only enable the scheduler in environments where background tasks and periodic network access are acceptable.
  - Configuration surface: The BraveSearch data source requires an API key in the skill config (not an env var). Confirm where you will store that key and whether you trust the skill/config to use it only for the intended searches.
  - Dependencies & install: There is no explicit install spec; a requirements.txt lists some libraries (beautifulsoup4, lxml, nltk) that aren’t referenced in the shipped code. Expect to manually review/install dependencies or run the skill in a virtual environment to avoid unnecessary packages on your system.
  - Metadata drift: version fields differ across _meta.json, openclaw.plugin.json, and the manifest; this suggests sloppy packaging. Review the code directly (you have it) and run it in an isolated environment before trusting it.
  - Audit for sensitive file access: The compliance module will attempt to read sensitive_words.txt from the module directory if present. If you have strict file-access policies, inspect that file or remove it.
  - Recommendation: If you plan to use this skill, audit and run it in a sandboxed environment first, avoid configuring external datasources unless you trust them, and only enable the scheduler after confirming desired behavior. The inconsistencies appear to be sloppy engineering rather than clearly malicious, but they increase risk in untrusted deployments.
Review Dimensions
- Purpose & Capability
  - note: The code implements a local fact-checking engine, sentence processing, scoring, batch support, a lightweight blockchain check, and an optional scheduler, all consistent with the skill description. However, the DataSourceManager includes a BraveSearchDataSource that will perform outbound HTTP requests when configured with an API key. The SKILL.md repeatedly emphasizes “100% privacy / fully local”, which is only true when no external datasource is configured; the code supports optional networked lookups, so the privacy/offline claim is conditional but not explicit in code/config metadata.
- Instruction Scope
  - concern: Runtime behavior includes reading an optional local sensitive_words.txt, making HTTP requests via requests (Brave Search) if configured, and running a background TimedScheduler thread that repeatedly calls check_text and can invoke user-supplied callback functions. The SKILL.md gives examples that assume both local-only operation and optional blockchain URL verification. The scheduler will run autonomously in the background (when enabled) and may make network calls via configured datasources; this expands scope beyond a purely one-shot local checker.
- Install Mechanism
  - concern: There is no explicit install spec in the manifest/install metadata despite many code files and a requirements.txt. requirements.txt lists requests, beautifulsoup4, lxml, and nltk; the code uses requests but does not import bs4, lxml, or nltk in the provided files (possible future/unused deps). The lack of a platform install spec plus unused/heavier dependencies is incoherent and could lead to unnecessary packages being installed on the host.
- Credentials
  - note: The skill declares no required env vars or primary credential. In practice, data lookups require configuring a Brave Search API key in the datasources config (not an env var). That is a proportional requirement for networked lookups, but it is optional: if not provided, the datasource methods return None and the checker falls back to limited local behavior. The privacy statement in SKILL.md is stronger than the code guarantees (networked lookup is optional but supported).
- Persistence & Privilege
  - note: always:false (normal). The skill can run a background scheduler thread if the user provides scheduler config; this gives it ongoing background activity while enabled. It does not request system-wide config changes nor attempt to modify other skills. Autonomous invocation (disable-model-invocation:false) is normal; combined with the scheduler and optional network access the runtime blast radius is larger if enabled/configured, but that is a user-controlled feature.
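The guidance in the scanner verdict and the Install Mechanism dimension above both describe checks a practitioner can run mechanically before installing a skill: compare the version fields across the metadata files, compare requirements.txt against what the shipped modules actually import, and locate the code paths that reach the network or start background threads. The script below is an added example written for this page; it is neither ClawHub's scanner nor the skill's own code. It assumes the skill is a Python package laid out as a directory, that the third metadata file is named manifest.json (the review only says "manifest"), and it audits a small constructed sample skill that reproduces the findings above rather than the real artifact.

```python
"""Static pre-install audit for a Python skill directory (added example, not the
scanner's or the skill's code). Three checks: version drift across metadata
files, requirements.txt entries no shipped module imports, and imports that
imply network access or background threads."""
import ast
import json
import re
import tempfile
from pathlib import Path

# Metadata files whose "version" fields are compared. _meta.json and
# openclaw.plugin.json are named in the review; manifest.json is an assumed name.
METADATA_FILES = ("_meta.json", "openclaw.plugin.json", "manifest.json")

# Top-level modules whose import implies network access or background execution.
NETWORK_MODULES = {"requests", "urllib", "http", "socket", "httpx", "aiohttp"}
BACKGROUND_MODULES = {"threading", "sched", "asyncio", "multiprocessing"}

# Distribution name -> importable module name where the two differ.
DIST_TO_MODULE = {"beautifulsoup4": "bs4"}


def version_fields(skill_dir: Path) -> dict:
    """Return {metadata file: declared version} for each metadata file present."""
    versions = {}
    for name in METADATA_FILES:
        path = skill_dir / name
        if path.is_file():
            data = json.loads(path.read_text(encoding="utf-8"))
            versions[name] = data.get("version")
    return versions


def declared_requirements(skill_dir: Path) -> set:
    """Parse requirements.txt into lower-cased distribution names, specifiers stripped."""
    req = skill_dir / "requirements.txt"
    if not req.is_file():
        return set()
    names = set()
    for line in req.read_text(encoding="utf-8").splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line:
            names.add(re.split(r"[<>=!~\[; ]", line, maxsplit=1)[0].lower())
    return names


def imported_modules(skill_dir: Path) -> set:
    """Top-level module names imported by any .py file under skill_dir (static only)."""
    mods = set()
    for py in skill_dir.rglob("*.py"):
        tree = ast.parse(py.read_text(encoding="utf-8"), filename=str(py))
        for node in ast.walk(tree):
            if isinstance(node, ast.Import):
                mods.update(alias.name.split(".")[0] for alias in node.names)
            elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
                mods.add(node.module.split(".")[0])
    return mods


def audit(skill_dir: Path) -> dict:
    """Run the three checks and return a report dict."""
    versions = version_fields(skill_dir)
    mods = imported_modules(skill_dir)
    reqs = declared_requirements(skill_dir)
    return {
        "versions": versions,
        "version_drift": len(set(versions.values())) > 1,
        "unused_requirements": sorted(d for d in reqs if DIST_TO_MODULE.get(d, d) not in mods),
        "network_imports": sorted(mods & NETWORK_MODULES),
        "background_imports": sorted(mods & BACKGROUND_MODULES),
    }


def build_sample_skill(root: Path) -> Path:
    """Constructed sample skill mirroring the review's findings; not the real artifact."""
    skill = root / "sample_skill"
    skill.mkdir(parents=True, exist_ok=True)
    (skill / "_meta.json").write_text(json.dumps({"name": "fact-check", "version": "1.5.0"}))
    (skill / "openclaw.plugin.json").write_text(json.dumps({"version": "1.4.0"}))
    (skill / "requirements.txt").write_text(
        "requests>=2.31\nbeautifulsoup4\nlxml\nnltk  # listed but never imported\n"
    )
    (skill / "datasources.py").write_text(
        "import requests\n\n"
        "def brave_search(query, api_key):\n"
        "    # hypothetical endpoint; the key comes from skill config, not an env var\n"
        "    return requests.get('https://example.invalid/search', params={'q': query}).json()\n"
    )
    (skill / "scheduler.py").write_text(
        "import threading\n\n"
        "def start(fn, interval):\n"
        "    threading.Thread(target=fn, args=(interval,), daemon=True).start()\n"
    )
    return skill


def audit_sample() -> dict:
    """Build the constructed sample in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit(build_sample_skill(Path(tmp)))


if __name__ == "__main__":
    print(json.dumps(audit_sample(), indent=2))
```

Run it against the real skill directory with audit(Path("/path/to/skill")). A non-empty network_imports list next to a "100% local" claim in SKILL.md, a non-empty unused_requirements list, or version_drift set to true is the concrete evidence the guidance asks you to review before enabling anything. The check is purely syntactic: it will not see imports done through importlib, network access delegated to subprocess, or a thread started from a dependency, so it narrows where to read, it does not replace reading the code.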
