Skill v1.1.1
ClawScan security
Chat History · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 14, 2026, 3:07 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (local chat archive and search) matches the included code, but there are internal inconsistencies (hardcoded paths, mixed claims about crontab/system calls vs. using an OpenClaw cron API, and delivery/install docs that contradict the 'no system permissions / no network' assurances) that merit caution before installing.
- Guidance
- This skill appears to implement local chat-archiving and search, which is plausible. However, before installing or enabling automated scheduling:
  1) Inspect main.py and main_v3.py for any os.popen/os.system/subprocess calls and any network calls (HTTP, sockets) — the docs disagree internally about whether those were removed.
  2) Fix or confirm any hardcoded paths (e.g., /Users/tanghao, /var/log/...) so files and logs are written where you expect.
  3) Do not run any cron-setup or --setup-cron steps until you confirm how scheduling is implemented (OpenClaw cron API vs. system crontab). Adding crontab entries is persistent and can run code at system level.
  4) Back up your existing ~/.openclaw/workspace/conversation-archives before first run.
  5) If provenance matters, ask the author for a canonical repository or signature (source is listed as unknown).
  If you lack time to audit, run the skill in a controlled account or VM and avoid giving it elevated permissions or running any 'setup-cron' helpers until you verify the code paths involved.
Review Dimensions
- Purpose & Capability
- ok: Name/description (chat history, archive, search) align with the shipped Python scripts that read session files and write archives/indexes. The code operates on local workspace/session files (e.g., ~/.openclaw or OPENCLAW_DIR), which is coherent with the stated purpose.
- Instruction Scope
- concern: SKILL.md instructs archiving, NLP triggers, and scheduling. The implementation reads OpenClaw session files (agents/main/sessions) and writes archives and indices under the user's OpenClaw workspace, which is expected for this feature. However, the docs and scripts also reference creating system cron entries, editing crontab, and writing logs to system locations (/var/log/chat-archive.log) and a user-specific path (/Users/tanghao/...), which are broader in scope than the 'pure local, no system permissions' assertions in other docs. That mismatch increases risk because a user might be prompted (or the code might offer) to modify system scheduled tasks.
- Install Mechanism
- note: No install spec is provided (instruction-only from the registry's perspective), but the skill includes multiple executable Python scripts and a shell script (archive-daily.sh). There is no external download or package install indicated. Risk is moderate because archive-daily.sh contains hardcoded absolute paths and would be suitable for adding to crontab if the user follows the docs; adding scheduled tasks is a privileged, persistent action if performed against the system crontab.
- Credentials
- concern: Declared requirements list no env vars or credentials; the code uses the OPENCLAW_DIR / OPENCLAW_WORKSPACE env vars optionally (sane). The bigger issue is hardcoded paths appearing in multiple delivery docs and scripts (e.g., /Users/tanghao/.openclaw and /var/log/chat-archive.log, and an archive-daily.sh referencing a specific user path). That contradicts some security documents that claim dynamic paths and no hardcoding. No network credentials are requested, which is proportionate, but the presence of system-path references and crontab instructions is disproportionate to a simple read/write archival tool unless the user explicitly opts into scheduling.
- Persistence & Privilege
- concern: The skill is not 'always: true' and does not declare elevated privileges. Nonetheless, documentation and some scripts reference adding cron entries (system-level scheduling) and an archive-daily.sh that would be suitable for crontab. There is contradictory messaging: the v3 changelog claims removal of os.popen/os.system and use of the OpenClaw cron API, while other docs and scripts still show crontab usage and hardcoded paths. If the skill or user runs the crontab setup, it will create persistent scheduled actions; that capability requires careful review before enabling.
