Back to skill
Skillv1.0.0
ClawScan security
MasterinPhysics · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 6, 2026, 5:30 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested footprint (no installs, no credentials, plain markdown modules) matches its stated purpose of providing physics reasoning, experiment design, optimization, and an internal 'memory' — nothing appears disproportionate or covert.
- Guidance
- This skill is internally coherent and low-risk: it contains only markdown modules for physics reasoning and requests no installs or credentials. Before enabling, check how OpenClaw stores the 'memory' it references (where logs are kept, retention, and access controls). Avoid feeding sensitive or private data into the skill's memory, and confirm you are comfortable with the platform's memory/agent-autonomy settings.
Review Dimensions
- Purpose & Capability
- okName, description, and the provided modules (theorist, experimenter, innovator, optimizer, memory) are coherent with an expert-physics skill; there are no unrelated environment variables, binaries, or install actions that would be unexpected for this purpose.
- Instruction Scope
- noteSKILL.md stays within physics analysis, experiment design, and iterative improvement. The only vagueness is the 'memory' behavior — it says the agent will 'log' and 'become more expert over time' but does not specify where or how logs are stored or how retention is managed. That vagueness can have privacy implications depending on the platform's memory implementation.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files to execute; low risk from installation or disk-write mechanisms.
- Credentials
- okNo required environment variables, credentials, or config paths are declared — consistent with a purely instructional physics assistant.
- Persistence & Privilege
- noteSkill is not 'always' enabled and requests no special privileges, but it explicitly asks to 'log' experiments and 'become more expert' which implies use of the agent/platform memory. Confirm how the platform persists skill-provided memory and whether that memory will retain sensitive inputs.