Skill v1.0.4

ClawScan security

wangkang-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 11, 2026, 4:16 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions are consistent with a local 'self-improvement / learning capture' helper — it injects reminders, provides local logging templates, and includes safe helper scripts that write only to the user's workspace when explicitly run or enabled.
Guidance
This skill appears coherent and local-only: it adds reminders, templates, and small helper scripts for capturing learnings. Before enabling or running anything:
1) Review the hook and scripts (they are small and readable) so you understand what will run and when.
2) If you enable the OpenClaw hook, remember it injects a reminder at session bootstrap (it does not phone home).
3) Be cautious when promoting learnings or logging full tool outputs into workspace files — those logs can contain sensitive data (API keys, error traces, or transcripts).
4) If you only want lightweight reminders, enable the activator and skip the PostToolUse/error-detector; if you avoid running extract-skill.sh you avoid creating new files automatically.
Overall the skill is consistent with its stated purpose, but treat any promoted logs as potential sensitive artifacts and review them before sharing.

Review Dimensions

Purpose & Capability
ok
Name/description (capture learnings, errors, promote fixes) align with provided files: SKILL.md, three small shell scripts, and OpenClaw hook handlers. None of the files request unrelated cloud credentials, network calls, or binaries that would be disproportionate for a logging/self-improvement tool.
Instruction Scope
note
The SKILL.md instructs the agent/user to create and update .learnings/ files and to optionally copy/enable a hook under ~/.openclaw/hooks. The skill also references OpenClaw session APIs (sessions_list, sessions_history, sessions_send, sessions_spawn). Those are platform features — their use is coherent for a cross-session learning workflow, but they imply the agent may read or reference session transcripts and that learnings can be promoted into shared workspace files (SOUL.md, AGENTS.md, etc.). That promotion is user-directed, but could persist sensitive content if not reviewed.
Install Mechanism
ok
There is no automated installer; the skill is instruction-first and ships small local scripts and hook handlers. extract-skill.sh creates files in a relative ./skills directory and contains path checks to avoid absolute paths or '..'. The scripts are small, inspectable, and have no network/download steps. This is an expected, low-risk pattern for a local helper.
Credentials
note
The skill declares no required environment variables, which matches its purpose. One script (scripts/error-detector.sh) reads CLAUDE_TOOL_OUTPUT to detect errors; that env var is an expected runtime artifact in OpenClaw/Claude integrations but is not listed in frontmatter. No credentials or secrets are requested.
Persistence & Privilege
note
always:false and no special privileges are requested. Enabling the hook (openclaw hooks enable ...) will cause the handler to inject a virtual reminder at agent bootstrap; hooks run with the same permissions as the agent runtime. This behavior is expected for a reminder/logging skill, but combined with the skill's encouragement to promote learnings across workspace files and sessions, users should review any content before promoting to shared files.