Skill v1.0.0

ClawScan security

model-info · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 26, 2026, 3:35 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (reporting runtime model/session information) aligns with its instructions (read the system's session_status output) and it requests no extra credentials or installs, but the SKILL.md is vague and makes absolute claims about accuracy and the sensitive nature of reported fields that you should consider before installing.
Guidance
This skill appears to be what it says: a read-only reporter that pulls info from the runtime's session_status. Before installing, verify that your OpenClaw runtime actually exposes a safe 'session_status' and understand what that command returns in your environment (it may include provider endpoints, API key source/type, and token usage). Because SKILL.md is vague and claims '100% accuracy', test it in a non-production or isolated environment first to see what it prints and confirm it doesn't leak secrets you don't want exposed. If you will use it in a shared environment, ask the skill author (or your platform admin) whether outputs are redacted and whether access to this skill should be restricted.

Review Dimensions

Purpose & Capability
ok: The name/description (get current model details) match the instructions (pull data from the system's session_status). No unrelated binaries, env vars, or installs are requested, so the capability requested is proportionate to the stated purpose.
Instruction Scope
note: Instructions are short and coherent: they direct the agent to use the 'session_status' output. However, they are vague about exact commands/APIs to call and make an absolute '100% accurate' claim. 'session_status' may expose sensitive runtime fields (API endpoints, key type, session tokens) and the skill gives no guidance about redaction, minimal disclosure, or error handling if the command is unavailable.
Install Mechanism
ok: No install spec and no code files to execute; this is instruction-only, which minimizes installation risk. Nothing is downloaded or written to disk.
Credentials
note: The skill requests no environment variables or credentials (proportionate). But the output it promises (API key type, endpoint, session status, token usage) can contain sensitive information; the skill does not document any safeguards or limitations on exposing such data.
Persistence & Privilege
ok: No elevated persistence requested (always:false) and it doesn't modify other skills or system settings. Default autonomous invocation is allowed, but that is the platform norm and not by itself concerning.