Skill v2.0.0
ClawScan security
Model Pilot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 11:29 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, external lookups, and scope align with its stated purpose (model-cost / model-selection recommendations); only minor metadata and documentation inconsistencies were found.
- Guidance
- This skill appears coherent and lightweight: it only recommends models and fetches live pricing. Before installing: (1) confirm you trust the external domains it fetches (e.g., https://z.ai/pricing and search results) since the agent will make web requests when invoked; (2) clarify whether the agent will read your local OpenClaw config (the docs say "check the user's config" but don't state how); (3) note minor metadata mismatches (SKILL.md/version vs. _meta.json and registry version) — not dangerous but worth confirming the published package is the expected release. If uncomfortable, try it first on non-sensitive tasks and verify it only makes the expected pricing and search requests.
Review Dimensions
- Purpose & Capability
- ok: Name and description (match tasks to cheaper models) align with the SKILL.md instructions: complexity heuristics, live pricing fetches, and cost-estimation formulas. Fetching provider pricing via web_search/web_fetch is expected for this purpose.
- Instruction Scope
- note: Instructions stay within scope: they recommend models, estimate cost, and advise not to switch automatically. They instruct the agent to use web_fetch/web_search for live pricing. One small ambiguity: the guide says to "Check the user's config for available aliases" but does not specify how (session API vs. reading config files). The skill does not explicitly instruct reading arbitrary files or credentials.
- Install Mechanism
- ok: Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded. Low install risk.
- Credentials
- ok: No required environment variables, credentials, or config paths are declared. The runtime instructions also do not request secrets or tokens. Live web lookups are used, which is proportional to the purpose.
- Persistence & Privilege
- ok: Skill is not forced-always, does not request persistence or extra privileges, and explicitly states it does not persist or switch models automatically.
