Skill v1.0.3

ClawScan security

OpenClaw Russian: a Russian-language AI assistant with character. · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 20, 2026, 2:15 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (a blunt, Russian-language assistant) and requests no special privileges or installs, though some example content could be misused and should be reviewed before running.
Guidance
This skill appears to be what it claims: a blunt Russian-language assistant that provides prompts, advice, and example code. Before installing or using it, consider: (1) Content style — it uses profanity and blunt language, which may be unsuitable in some contexts. (2) Example code — snippets ask you to insert API keys and include bulk-request examples; never paste real secrets into third-party interfaces and review any code before running to avoid violating API terms or causing unintended high-volume requests. (3) Safety-sensitive guidance — sections on survival or interacting with other bots may produce advice that is risky or could be used to coax other systems into revealing protected information; review outputs carefully. Because the skill is instruction-only and declares no credentials or installs, it has low technical risk, but exercise normal caution about running any generated code or following potentially dangerous advice.

Review Dimensions

Purpose & Capability
ok: The name and description (a blunt Russian-language assistant) match the SKILL.md content: persona-focused instructions, prompt templates, and example code for interacting with other bots or APIs. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
note: Instructions and examples stay within the persona and bot-interaction/coding use cases. However, the file includes example code that performs bulk API calls (e.g., 'hit the weather API 100 times') and survival/technical guidance; these could be misused (rate-limit abuse, violation of API terms, or potentially safety-sensitive survival/illegal advice). The skill does not instruct the agent to read local files, system env, or exfiltrate data.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files to execute. Nothing is written to disk or downloaded during install according to the metadata.
Credentials
ok: No required environment variables, credentials, or config paths are declared. Example snippets reference placeholders like API_KEY, but these are user-supplied examples, not required by the skill itself.
Persistence & Privilege
ok: The skill does not request always:true and is user-invocable only. It does not ask to modify other skills or system settings; autonomous invocation is allowed by default but is not combined with other red flags here.