Back to skill
Skillv1.0.0
ClawScan security
openclaw-behavior-plan · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 28, 2026, 8:56 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that coherently generates structured agent behavior plans and does not request unrelated credentials or install code — but the plans can include reading local files and running shell commands, so grant access only when you trust the requested operations.
- Guidance
- This skill appears to do what it says — it generates step-by-step plans that may reference tools which can read files or run shell commands. Before installing or invoking it, decide whether you will allow plans generated by the skill to access local files or execute commands. If you expect the agent to interact with calendars, Slack, or other services, grant those integrations only through the official connectors and avoid pasting secrets directly into prompts. Require explicit user confirmation before allowing any plan step that modifies or deletes system files or sends sensitive data to external endpoints.
Review Dimensions
- Purpose & Capability
- okThe skill's name and description match the instructions: it produces structured behavior plans mapped to tools/skills (search_web, read_file, execute_shell, calendar, slack, etc.). It does not request unrelated binaries, env vars, or installs.
- Instruction Scope
- noteSKILL.md explicitly instructs the agent to generate actionable steps that may call read_file, write_file, execute_shell, fetch_url, and external skills (calendar, slack). This is coherent for a planning tool, but it means generated plans can ask to read local files or run shell commands — sensitive operations that require explicit user consent before execution. The skill itself does not attempt to exfiltrate data or call hidden endpoints.
- Install Mechanism
- okNo install spec and no code files — lowest-risk instruction-only skill. Nothing will be written to disk by an installer.
- Credentials
- okThe skill declares no required environment variables or credentials. Example plans reference third-party skills (calendar, slack) which legitimately require user authorization; those credentials are not requested by this skill itself.
- Persistence & Privilege
- okalways:false and no persistence or configuration changes are requested. The skill does not ask to modify other skills or system-wide settings.