Skillv2.0.2

ClawScan security

OpenClaw Usage Dashboard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 27, 2026, 8:15 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and runtime instructions match its stated purpose (a local, localhost-only dashboard that reads OpenClaw session logs); required privileges and artifacts are proportional to that purpose.
Guidance: This skill appears to do what it says: run a local Node server that reads ~/.openclaw/agents/*/sessions/*.jsonl and shows usage metrics on http://localhost:PORT. Before installing/running: (1) Inspect server.js yourself (it is bundled) to verify you are comfortable with the file I/O and the fixed system commands it runs; (2) Run it unprivileged (your normal user), not as root/admin; (3) Confirm the server binds only to localhost (SKILL.md and code default to 127.0.0.1) or explicitly pass --host 127.0.0.1; (4) If you are concerned about secrets in logs, either review a few session files manually or run the server in a sandbox to confirm no raw secrets are exposed; (5) Because the server uses execSync for system health commands, make sure your platform's commands are safe and that the machine is otherwise secure. If you need additional assurance, you can run node server.js in an isolated environment and monitor outbound network activity to confirm nothing leaves your machine.

Review Dimensions

Purpose & Capability: okName/description claim a local dashboard that reads OpenClaw session logs; the package includes server.js and dashboard.html that read ~/.openclaw/agents/*/sessions/*.jsonl and compute aggregates (tokens, request counts, system health). No unrelated credentials or services are requested.
Instruction Scope: okSKILL.md instructs running node server.js and opening localhost. server.js reads only local session log files and exposes aggregated metrics; it does not embed instructions to read unrelated system state or exfiltrate data. The server does run a small set of fixed system commands (vm_stat, df, powershell, openclaw version, and platform openers) for system-health fields, which matches the 'system health' feature described.
Install Mechanism: okNo install spec is provided (instruction-only install), and the README/SKILL.md explicitly tell the user to run node server.js. No third-party packages or remote downloads are required. Code is included in the skill bundle so nothing needs to be fetched from external URLs at install time.
Credentials: okThe skill requests no environment variables or credentials. The server contains explicit sanitization patterns and an audit claiming it redacts secrets and does not return raw message content. The few operations that could surface sensitive text (parsing toolResult text) are used only to extract numeric rate-limit headers, not to expose raw responses.
Persistence & Privilege: okThe skill does not request permanent 'always' inclusion and binds to localhost by default. It opens a local HTTP server and may auto-open the user's browser; it does not modify other skills or global agent settings.