Skill v1.0.0

ClawScan security

OpenClaw Business Starter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 6:32 AM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files, setup script, and runtime instructions are internally consistent with its stated purpose (creating local PARA memory, cron jobs, and agent workflows) but it grants broad autonomous-scope templates that you should review before enabling in a production environment.
Guidance
This package appears to do what it says: create a workspace, templates, and schedule OpenClaw cron jobs. Before installing, do the following:
1) Inspect scripts/setup-foundation.sh and the template files (already included) to confirm the exact cron commands and files written — the setup script is the only code executed.
2) Verify what the openclaw cron add command will do in your environment (which agent identity, permissions, and runtime it will use).
3) If you have Git, SSH keys, cloud/API tokens, or service credentials on the machine, decide whether the agent should be allowed to use them — the templates explicitly permit autonomous commits/pushes and handling of outbound actions; remove or tighten those rules if unwanted.
4) Remove or edit any lines in AGENTS.md that say "Don't ask permission" or that allow pushing public changes until you have a trusted approval workflow.
5) Test the skill in a sandboxed account or VM with no API keys or production credentials to observe behavior.
6) If you rely on the GitHub links or the author, verify the upstream repo and publisher reputation before trusting updates.
If you want, I can produce a short checklist of the exact changes to make in AGENTS.md and the setup script to limit autonomy (e.g., require manual approval for pushes and outgoing posts).

Review Dimensions

Purpose & Capability
Status: ok
Name/description match the actual behavior: the skill creates a local workspace (~/.openclaw/workspace), templates, and OpenClaw cron jobs and provides agent operating instructions. It does not request unrelated credentials or install arbitrary binaries.
Instruction Scope
Status: note
SKILL.md and templates instruct the agent to create files, schedule cron jobs via the openclaw CLI, and run daily/heartbeat tasks. This stays within the stated purpose, but AGENTS.md contains strong autonomy directives (e.g., "Don't ask permission. Just do it.", "commit and push your own changes") which expand the agent's allowed actions beyond passive organization and monitoring. Those behavioral rules are part of templates rather than enforced technical controls.
Install Mechanism
Status: ok
No remote downloads or install hooks are present in the package. The only executable is an included bash setup script that creates local files and invokes the local openclaw CLI; no external archives or obscure URLs are fetched.
Credentials
Status: note
The skill does not request environment variables, keys, or privileged config paths. It does require write access to the user's OpenClaw workspace and depends on the openclaw CLI and cron scheduler. Be aware that if your environment already has Git, SSH, or API credentials configured, the agent templates instruct actions (e.g., push, posting to social media, checking Stripe) that could use those credentials — the skill itself does not request them, but it assumes the user will provide them for integrations.
Persistence & Privilege
Status: note
always:false and normal autonomous invocation are used. The skill creates persistent files and registers scheduled cron jobs via the openclaw CLI. The combination of scheduled autonomous tasks and the templates' permissive decision authority increases blast radius if the agent is allowed to act on existing credentials or access (e.g., git pushes, posting) — this is an expected property of an "autonomous business" skill, not a technical misconfiguration in the package.