Skill v1.2.0
ClawScan security
HostGuard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:50 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill’s instructions, required artifacts, and behavior align with its stated purpose (local checks for binding and privileges) and are proportionate; minor documentation inconsistencies are noted but there is no evidence of malicious or incoherent behavior.
- Guidance: This skill is instruction-only and appears to do only local, read-only checks (and only modifies files if you explicitly permit it). Before installing: (1) note the registry/SKILL.md name & version mismatch (ClawGuard vs HostGuard) — verify you trust the publisher; (2) understand the agent will read local .env.* files (which can contain secrets) but only looks for host/port keys; (3) ensure you are comfortable with the agent running local commands (lsof/netstat/id/whoami) — you can run those same commands manually to compare results; (4) only grant explicit permission to modify files and confirm backups are created as promised. If you want higher assurance, ask the publisher for a signed release or source repository, or run the checks manually instead of letting the agent perform them autonomously.
Review Dimensions
- Purpose & Capability (note): The SKILL.md describes checking OpenClaw network binding, privilege level, and local env files and offering conservative lockdown advice — which matches the stated purpose. Minor inconsistencies: the registry lists the skill as "HostGuard" / version 1.2.0 while the SKILL.md calls itself "ClawGuard" / version 1.1.0; this is likely a bookkeeping issue but worth noting.
- Instruction Scope (note): Instructions are limited to running local diagnostic commands (lsof/netstat/id/whoami) and reading .env.* files for OPENCLAW_HOST/HOST and OPENCLAW_PORT/PORT. This is within scope for the stated checks. Caution: .env files can contain other secrets; the skill only greps for specific host/port keys, but a user should be aware the agent will read local config files.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing is downloaded or written to disk by default, which minimizes installation risk.
- Credentials (ok): The skill requests no environment variables or credentials. It references OPENCLAW_PORT if present (as an optional override) but does not require any secrets. The requested access to local .env files and system commands is appropriate for the stated checks.
- Persistence & Privilege (ok): always:false and no install/daemon behavior. Model invocation is allowed (default) but that is normal for skills and not a concern here. The SKILL.md states it will not modify files without explicit user permission and will create .bak backups before editing, which is proportionate.
