Skill v1.0.0
ClawScan security
Openclaw Task Executor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 15, 2026, 1:19 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions, lack of installs, and absence of required credentials are coherent with a task-execution/subagent-management purpose, though it gives broad runtime discretion (reading local code, spawning subagents, auto-retries) that you should control operationally.
- Guidance: This skill is internally consistent for orchestrating and monitoring subagents, but it gives the agent broad runtime discretion: it asks the agent to read repo files and configs and to spawn/monitor subagents with aggressive retry/reporting rules. Before installing, confirm these operational controls: limit which workspace paths the skill may read, set timeouts and retry caps for subagents, confirm what 'TOM' means in your environment, and verify platform session APIs (sessions_spawn, sessions_send, etc.) to ensure they don't expose data to unexpected destinations. Run initial tests in a restricted environment and monitor resource usage and logs. If you need stricter confinement, require an approval step before any sensitive file reads or subagent spawns.
Review Dimensions
- Purpose & Capability [ok]: Name/description claim: classify tasks, plan, spawn/monitor subagents, and report. This matches the SKILL.md, which specifies classification rules, a plan→spawn→monitor→report flow, and explicit platform session API operations (sessions_spawn, sessions_history/list, sessions_send). No unrelated binaries/envs/install steps are requested.
- Instruction Scope [note]: Instructions explicitly tell the agent to read local code and configuration (docs/tools/exec*.md, openclaw.json) and to spawn and monitor subagents. Reading local repo/config files is reasonable for planning/exec, but it grants the agent broad read access to the workspace. The skill also prescribes aggressive behaviors (auto-retry on timeout, 'never give up') and frequent reporting (every 30–60s), which can cause heavy activity if not rate-limited.
- Install Mechanism [ok]: Instruction-only skill with no install spec and no code files. Low installation risk: nothing is written to disk by an installer.
- Credentials [ok]: No environment variables, credentials, or config paths are required by the metadata. The SKILL.md references local files and platform session APIs, which is consistent with its purpose; it does not request unrelated secrets.
- Persistence & Privilege [ok]: 'always' is false and model invocation is allowed (default). The skill relies on spawning subagents but does not request permanent inclusion or to modify other skills/config. Autonomous invocation is normal; however, the combination of autonomous subagent spawning plus aggressive retry/report policies increases operational blast radius and should be governed by platform limits.
