Skill v1.0.2

ClawScan security

context-engineer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 21, 2026, 11:37 PM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and runtime instructions are consistent with a local context-auditing tool that reads workspace and OpenClaw config files; it does not request credentials or external installs, but you should review or run it in an isolated environment before giving it access to sensitive files.
Guidance
This skill appears to do what it says: it inspects your agent workspace and OpenClaw config and writes analysis snapshots. Before installing or running it:
1) Understand it will read any files you point it at (SKILL.md, MEMORY.md, configs, skills/*/SKILL.md). Do not point it at directories containing secrets you don't want analyzed.
2) Review context.py (or run it in a sandbox) to confirm there are no network/exfiltration calls. The visible code shows only local file I/O and reporting, but the context.py snippet provided in this review was partial, so double-check the full file for network/socket/HTTP usage.
3) When running, avoid using elevated privileges and keep backups of any files you modify. Inspect any saved snapshot JSON before sharing it, since it may contain text extracted from your workspace.
If you want extra assurance, run the script on a copy of your workspace or in an isolated environment first.

Review Dimensions

Purpose & Capability
ok: The skill is described as a context window optimizer, and the code and SKILL.md show it scans workspace files (SKILL.md, MEMORY.md, skills/*/SKILL.md, and .openclaw/openclaw.json) and produces token/efficiency reports. The requested binary (python3) and the file reads are appropriate for that purpose.
Instruction Scope
note: Instructions explicitly tell the agent to run the included Python script against a workspace or OpenClaw config; the script reads many user files under the provided workspace and can write snapshots. This matches the stated scope, but it does mean the skill will examine any files you point it at (which may contain sensitive data).
Install Mechanism
ok: No install spec or third-party downloads are declared; the skill is instruction-only and ships a Python script that runs with the stdlib. According to the metadata and SKILL.md, no network fetches or external package installs are required.
Credentials
ok: No environment variables, credentials, or config paths beyond the workspace/config paths are requested. The script reads local workspace and OpenClaw config files only, which is proportionate to a context-auditing tool.
Persistence & Privilege
ok: "always" is false and the skill does not declare any persistent system-level installation. Its writable actions are limited to saving snapshots/files you explicitly name; it does not request to modify other skills or global agent settings.