Skill v1.0.0
ClawScan security
mobile app builder with live link, publishes to app store, create ai apps · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 21, 2026, 11:09 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's behavior matches its stated purpose (building and publishing apps) but the registry metadata omits key runtime details (local auth storage path and many optional credentials) and the SKILL.md instructs file I/O and network interactions that require careful review before trusting sensitive tokens.
- Guidance
- This skill appears to implement what it claims (building, iterating, and publishing apps), but it will: (1) start a device-login flow or accept personal tokens and then save a PAT to ~/.openclaw/launchpulse/auth.json (or a custom OPENCLAW_STATE_DIR), (2) accept many optional external-service tokens (GitHub, Fly, Stripe, RevenueCat) necessary for deployment/publishing, and (3) send project data to a hosted API (api.launchpulse.ai by default). Before installing or using it: inspect the included script, confirm the API base URL is legitimate, avoid entering high-privilege production secrets unless necessary (use least-privilege or temporary tokens), consider setting OPENCLAW_STATE_DIR to a controlled location, and delete local auth.json when done. If you need higher assurance, run the skill in a sandboxed environment or review network traffic to verify what data is sent.
Review Dimensions
- Purpose & Capability
- note: Name/description claim to build web/mobile apps and publish them; the included script and CLI options actually implement that (API calls to a hosted LaunchPulse service, deploy/publish workflows, support for GitHub/Fly/Stripe tokens). This capability set is coherent with the stated purpose. However, the registry metadata claims 'no required env vars' and 'no required config paths' while SKILL.md and the script actually rely on and store authentication under the OpenClaw state directory, an omission in the manifest.
- Instruction Scope
- note: SKILL.md instructs the agent to run the provided node script from the OpenClaw workspace and to pass/accept files like payload JSON, .env files, and other user-supplied files. The script performs network requests to the LaunchPulse API, may upload project data, and reads/writes the user's OpenClaw state directory. All of this is consistent with an app builder, but it means the skill will read/write local files and transmit data to api.launchpulse.ai (or an overridden API base).
- Install Mechanism
- ok: No install spec; the skill is instruction-only but includes a JS script. There is no remote binary download or installer; the script uses standard Node APIs and global fetch. This is a low-risk installation mechanism in itself.
- Credentials
- concern: The metadata declares no required env vars or config paths, yet SKILL.md and the script reference multiple environment variables (LAUNCHPULSE_PAT/LAUNCHPULSE_API_KEY/LAUNCHPULSE_ACCESS_TOKEN, LAUNCHPULSE_API_BASE_URL, and many optional tokens/keys for GitHub, Fly, Stripe, RevenueCat, etc.) and will store a PAT at ${OPENCLAW_STATE_DIR:-~/.openclaw}/launchpulse/auth.json. Requesting or accepting service credentials is proportionate to deploy/publish functionality, but failing to declare the config path and the range of optional credentials in the registry metadata is an inconsistency and a privacy/security concern.
- Persistence & Privilege
- ok: The skill stores a personal access token locally (auth.json under the OpenClaw state dir) and uses it for API calls; this is expected for a CLI that talks to a hosted service. always:true is not set. The skill does not request system-wide privileges or modify other skills' configurations per the provided files.