Skill v1.0.0

ClawScan security

Shadow AI Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 9:04 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (local demo data generation and HTML dashboard creation) but contains a few minor mismatches (e.g., an example cron job that announces results over WhatsApp even though no WhatsApp integration or credentials are provided).
Guidance
This skill appears to do what it says: generate demo events and produce a local HTML dashboard. Before installing or running it with real data, consider the following:
1) The example cron payload mentions sending WhatsApp notifications, but the skill provides no messaging integration or credentials. Do not assume notifications are implemented; adding them will require secure handling of messaging API keys.
2) The generated HTML loads Chart.js from a CDN when opened in a browser. If you need an air-gapped or fully controlled environment, host the library locally or remove the external script.
3) The demo generator creates realistic-seeming events (employee IDs, data categories). If you replace demo data with real telemetry, ensure you have a legal basis and employee/client consent before processing or storing personal data.
4) Review the two script files yourself (they are short and readable) before running them, and run them in an isolated workspace if you are unsure.
5) Source metadata is "unknown" and the author is generic. If you plan to use the skill in production, obtain provenance and maintenance information and confirm licensing.
Overall, there are no signs of data exfiltration or hidden behavior in the provided files, but exercise caution when integrating notification channels or handling real or sensitive data.

Review Dimensions

Purpose & Capability
note: The name/description promise an enterprise dashboard and compliance analysis; the included files (demo-data generator + HTML dashboard generator) implement exactly that for local/demo usage. One mismatch: the SKILL.md includes an OpenClaw cron example that instructs the agent to "Send WhatsApp notification with metrics," but there is no WhatsApp integration code, no required env vars, and no mention of where to configure messaging credentials. This is a documentation/feature gap rather than evidence of hidden functionality.
Instruction Scope
note: Runtime instructions are limited to running two local Node scripts and opening the generated HTML; the scripts read and write only local files they create. They do not access system-wide config, secret environment variables, or external APIs from the Node scripts. The HTML references Chart.js via a CDN (a client-side load when the page is opened in a browser). The SKILL.md's automated-schedule example implies sending external notifications (WhatsApp), which is outside the provided code and would require adding credentials and an implementation; this is a scope mismatch to be aware of.
Install Mechanism
ok: No install spec is provided (instruction-only install) and the package contains only small Node scripts and a package.json. Nothing is downloaded or executed from external URLs by the Node scripts. The only external resource is a client-side Chart.js CDN reference in the generated HTML; no extract/download installs occur.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths; the bundled code operates on local demo data only. Note: the SKILL.md's delivery example (WhatsApp announcements) would require messaging credentials if implemented. Those are not requested by the skill as provided, so any user who wires up automatic notifications must supply and review those credentials separately.
Persistence & Privilege
ok: The skill does not request persistent or elevated privileges. The always flag is false, the skill is user-invocable, and the code does not modify other skills or system-wide agent settings. It writes output files only into the current working directory (shadow-ai-data.json and shadow-ai-dashboard.html).