Skill v0.3.0

ClawScan security

DualAgentDebate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 2:30 PM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (run a debate between an LLM and prior thoughts stored in a user's Open Brain), but there are metadata inconsistencies and a few operational security points you should confirm before running it against real data.
Guidance
Before installing/running:
1) Confirm OPENBRAIN_MCP_URL points to a trusted Open Brain MCP endpoint (do not point it at an unknown public URL).
2) If you provide OPENBRAIN_MCP_TOKEN, ensure the token has least privilege (read and an intentionally scoped write permission) since the script will INSERT into public.memories.
3) Review the SQL statements in the script to ensure they match your schema and don't unintentionally expose or overwrite data; run against a staging/dev instance first.
4) If you do not want data sent to OpenAI, omit OPENAI_API_KEY — note the script will call your local openclaw agent instead, which may use local configuration/credentials.
5) The registry metadata incorrectly lists no required env vars — treat the SKILL.md and script as the source of truth and ask the publisher to correct the metadata.
6) If you have sensitive content, audit the actual SQL insert and decide whether to sanitize or redact before running.
If any of the above are unacceptable, do not run the skill or run it in an isolated/test environment first.

Review Dimensions

Purpose & Capability
note: The script uses an MCP HTTP endpoint (OPENBRAIN_MCP_URL / optional OPENBRAIN_MCP_TOKEN) and OpenAI (or a local openclaw agent) to implement the described debate loop; those capabilities are coherent with the stated purpose. However the registry metadata declares no required env vars while SKILL.md and the script do require/expect OPENBRAIN_MCP_URL and optionally OPENBRAIN_MCP_TOKEN and OPENAI_API_KEY — this metadata mismatch should be corrected or called out to users.
Instruction Scope
ok: SKILL.md and the script stick to the declared task: they fetch context and prior thoughts via MCP tools, call an LLM for debate rounds, compute embeddings to measure semantic agreement, and persist the outcome back to the user's Open Brain. The script only contacts the MCP endpoint you point it to and (optionally) OpenAI or local openclaw; it does not try to read unrelated system files or external endpoints beyond those.
Install Mechanism
ok: This is an instruction-only skill with an included Python script; there is no install spec that downloads arbitrary code or packages from external URLs. Risk from installation is low — running the script executes local Python and may spawn the openclaw CLI if no OpenAI key is provided.
Credentials
note: Requested environment variables (OPENBRAIN_MCP_URL, optional OPENBRAIN_MCP_TOKEN, optional OPENAI_API_KEY, and a few tool override vars) are proportionate to the functionality. Important caveat: the script issues SQL calls via the MCP 'execute_sql' tool and will persist debate outcomes into public.memories; this requires the MCP token (or the MCP service pointed at by URL) to allow writes. Verify the token has least privilege and that you expect the skill to write into public.memories. Also note the registry metadata omits these env requirements, which is misleading.
Persistence & Privilege
ok: The skill does not set always:true and does not modify other skills or global agent settings. Its main privileged action is writing the debate outcome into the user's Open Brain via execute_sql — that is consistent with its purpose but is a sensitive write operation you should authorize.