Skill v1.0.0
ClawScan security
Openclaw Agent Governance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 26, 2026, 2:53 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The instructions align with a governance setup task, but the skill references a CLI and template files that are not provided or declared, and it tells the agent to write into a home workspace without declaring that footprint — these inconsistencies warrant caution.
- Guidance
- This skill's content looks like valid governance guidance, but it has gaps you should resolve before running it. Ask the author (or check the environment) for: (1) the 'agent-governance' CLI or exact commands to run — the SKILL.md assumes this tool exists but the skill bundle doesn't include or install it; (2) the template files under references/ (MEMORY.md.template, AGENTS.md.template, etc.) — these are referenced but not supplied; (3) explicit confirmation that the script will write to ~/.openclaw and whether you should back up any existing AGENTS.md or memory files. Until those are provided, prefer running the 'audit' steps in a read-only/manual mode (inspect what would change) or run any 'apply' activity in a disposable/test workspace. Also verify templates do not contain secrets or external endpoints, and require user confirmation before any automated 'gateway restart' or other privileged operations.
Review Dimensions
- Purpose & Capability
- concern: The skill's stated purpose (create/audit governance files) matches the actions described (create MEMORY.md, AGENTS.md, memory/*). However, the SKILL.md repeatedly references an external command 'agent-governance' and a set of template files under references/ that are not included in the skill bundle and are not declared in requirements. It's unclear where the templates or the 'agent-governance' executable come from, which is an incoherence between claimed capability and what the skill actually provides/needs.
- Instruction Scope
- concern: Runtime instructions tell the agent to create/modify files under ~/.openclaw/workspace-<agent-name> and to run commands like `agent-governance apply` / `agent-governance audit`. They also direct appending to existing AGENTS.md. The instructions assume templates live at references/* and that the 'agent-governance' tool exists; neither the templates nor the tool are supplied or declared. Writing to a user's home directory and modifying existing files are legitimate for this purpose but should be explicit and accompanied by templates or safe read-only audit options. The instructions do include a prohibition against running certain gateway commands, which is policy guidance but not a security risk by itself.
- Install Mechanism
- note: This is an instruction-only skill (no install spec, no code files), which is low risk in itself. However, because the instructions expect an external CLI ('agent-governance') and template files, the lack of an install method or included templates is a gap: either the environment must already have that tool/templates, or the instructions are incomplete. There is no download/execute risk from the skill itself.
- Credentials
- note: The skill requests no environment variables, credentials, or declared config paths. That is appropriate in principle. However, the instructions write to ~/.openclaw and other workspace paths without declaring them as required config paths; the skill should explicitly document that it will create files under the user's home directory so users can consent and back up existing data.
- Persistence & Privilege
- ok: The skill does not request always:true and does not claim system-wide privileges. It instructs creation of persistent files in a user workspace, which is consistent with its purpose and not unusually privileged. It does not attempt to modify other skills or system-wide agent settings.
