Skill v1.0.0
ClawScan security
Agent Lifecycle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 16, 2026, 2:02 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly matches an agent-lifecycle tool but the documentation overstates what the code actually collects (claims to capture env vars, model assignments, 'last used', etc.) which is inconsistent with the shipped script.
- Guidance
- This package provides a small Python tool that scans your per-user OpenClaw skill directories and writes JSON snapshots to ~/.openclaw/lifecycle. It does not request credentials or make network calls. However, the SKILL.md claims it records environment variables, model assignments, 'last used' timestamps, and feature flags — the included script does not implement those features. Before installing or relying on it: (1) Inspect the saved JSON snapshots in ~/.openclaw/lifecycle to confirm they only contain the metadata you expect (paths, file counts, sizes, SKILL.md frontmatter). (2) If you need the additional tracking (env vars, model assignments), ask the maintainer for clarification or an updated implementation. (3) Consider file permissions on ~/.openclaw/lifecycle because snapshots contain file paths and metadata that could be sensitive if shared. (4) If you expect automated/autonomous invocation, note this skill can be invoked by the agent (disable-model-invocation is false) — that’s normal but increases blast radius if the skill were later modified to collect more data. If you want a higher-assurance verdict, provide the developer/source identity or an updated script that actually implements the claimed tracking so I can re-evaluate.
Review Dimensions
- Purpose & Capability
- concern: Name/description promises comprehensive lifecycle tracking (environment vars, model assignments, feature flags, 'last used'). The included script only scans ~/.openclaw/skills and workspace/skills for SKILL.md, gathers basic metadata (name, path, file count, size, last modified) and writes snapshots/history to ~/.openclaw/lifecycle. Several claimed capabilities (capturing environment variable values, model assignments, last-used timestamps, feature-flag state) are not implemented — this is a substantive mismatch between stated purpose and actual capability.
- Instruction Scope
- note: Runtime instructions tell the user to run the included Python script with snapshot/diff/list/rollback/retire/history commands. The script reads the user's home directory (~/.openclaw/skills and workspace), SKILL.md files, and computes file sizes/counts; it writes JSON snapshots and logs to ~/.openclaw/lifecycle. There are no network calls or attempts to read arbitrary system files or environment variables. It does access user home and skill files (expected for this purpose), so scope is mostly appropriate, but the SKILL.md text over-promises data it will collect.
- Install Mechanism
- ok: No install spec; instruction-only with a bundled Python script. Required binary is python3, which is reasonable. Nothing is downloaded or extracted from external URLs.
- Credentials
- ok: No environment variables or credentials are requested. The script does not read environment variables or external secrets. It only reads files under standard per-user OpenClaw paths and writes snapshots to ~/.openclaw/lifecycle, which is proportional to lifecycle management.
- Persistence & Privilege
- ok: The skill does not set always: true and is user-invocable. It writes only to ~/.openclaw/lifecycle and does not modify other skills or system-wide settings. It does not persist across agents beyond its own snapshot files.
