Skill v1.2.0
ClawScan security
Remnawave Account Creator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 22, 2026, 10:22 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill appears to do what its description says (create Remnawave accounts and send emails) but the package metadata omits required secrets/configs and the code/instructions contain several risky or inconsistent choices (mixed credential locations, advice to disable SSL checks, use of child_process, and unclear external endpoints).
- Guidance: This skill appears to implement what it claims (create Remnawave accounts and send onboarding emails) but there are several red flags you should address before installing:
  1. The registry metadata claims no credentials are needed, yet the code and SKILL.md require a Remnawave API token and SMTP credentials — ask the author to declare required env vars (REMNAWAVE_API_TOKEN, SMTP credentials) and explain where they should be stored.
  2. Review credential storage: the code reads tokens from both remnawave.json and ~/.openclaw/workspace/.env inconsistently — avoid committing credentials to the repo and prefer a single secure location.
  3. The docs recommend disabling SSL verification (sslRejectUnauthorized: false / verify=false) for self-signed certs — avoid enabling this in production; instead install proper certificates or run in an isolated environment.
  4. Review any use of child_process.exec and search the code for exec() calls to ensure no user-supplied data is passed to the shell.
  5. Verify the API host(s) and example external domains are legitimate for your org.
  If you are not comfortable auditing the code, run this skill only in a sandboxed environment and request the author to provide clearer metadata, a source repository/homepage, and a trimmed minimal installation guide that declares required secrets and secure defaults.
- Findings
  - `reads_REMNAWAVE_API_TOKEN_from_.env` (expected): The scripts read REMNAWAVE_API_TOKEN from ~/.openclaw/workspace/.env (or remnawave.json). An API token is required to call the Remnawave API, but the skill metadata does not declare this requirement.
  - `reads_SMTP_credentials_from_config` (expected): SMTP host/user/pass are read from ~/.openclaw/workspace/config/smtp.json to send emails; this is expected for the stated feature but should be declared and handled securely.
  - `insecure_ssl_rejectUnauthorized_false` (unexpected): SKILL.md and configs advise setting sslRejectUnauthorized: false and many https calls use verify=false / rejectUnauthorized disabled. This is sometimes needed for self-signed certs but weakens TLS security and is risky to recommend by default.
  - `child_process_exec_usage` (unexpected): create-account.js imports child_process.exec and promisify; using exec can allow arbitrary shell command execution. It may be benign (used to call local logging scripts) but deserves manual review so it isn't executing untrusted input.
  - `hardcoded_api_host_ip` (expected): Many files and docs reference API base URL https://8.212.8.43 (an IP). That's consistent with an internal service but authors should confirm endpoint ownership before use.
  - `multiple_credential_locations` (unexpected): Credential handling is inconsistent: some code reads the API token from remnawave.json.apiToken, some from .env REMNAWAVE_API_TOKEN. Inconsistent storage is a usability and security concern.
  - `example_external_subscription_domain` (unexpected): README shows an example subscription URL hosted on an unusual domain (datat.cc). This may be harmless example data, but it is worth verifying that subscription URLs and external domains are legitimate.
Review Dimensions
- Purpose & Capability
  - concern: The skill's stated purpose (create Remnawave users and send SMTP mail) matches the included scripts, but the registry metadata declares no required environment variables or primary credential while the code and SKILL.md clearly require an API token and SMTP credentials stored in user files (e.g. ~/.openclaw/workspace/.env and ~/.openclaw/workspace/config/*.json). That mismatch between declared requirements and actual needs is incoherent and surprising to users.
- Instruction Scope
  - concern: SKILL.md and the scripts instruct the agent to read local config files (~/.openclaw/workspace/config/remnawave.json, smtp.json, remnawave-squads.json and ~/.openclaw/workspace/.env) and to call internal API endpoints on an IP (https://8.212.8.43). The docs also suggest disabling SSL verification (sslRejectUnauthorized: false) and even capturing management-panel requests via browser devtools — actions that expand scope and weaken security. Those behaviors are related to the task but include risky guidance and broaden what the skill will access.
- Install Mechanism
  - note: There is no install spec (instruction-only), but the bundle contains many executable code files. That means installing the skill will place code on disk (no network downloads shown), which is fine, but the lack of an explicit install step combined with many scripts may surprise non-technical users. No external archives/unknown URLs are used in the provided files.
- Credentials
  - concern: The skill requires sensitive secrets (Remnawave API token and SMTP auth) in practice, yet the registry metadata lists no required env vars or primary credential. The code inconsistently reads credentials from different places (sometimes from remnawave.json.apiToken, sometimes from ~/.openclaw/workspace/.env REMNAWAVE_API_TOKEN), increasing the risk of accidental credential leakage or misconfiguration. SMTP credentials and API tokens are necessary for the stated purpose, but they should have been declared and the retrieval method should be consistent and secure.
- Persistence & Privilege
  - ok: The skill is not marked 'always: true' and is user-invocable (normal). disable-model-invocation is false (agent may invoke autonomously), which is the platform default — not flagged by itself. The skill does write/read config files in the user's workspace but does not request elevated system-wide privileges in the provided materials.
