Hle Reasoning Wrapper

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: hle-reasoning-wrapper
Version: 1.0.0

The skill bundle is designed to format prompts for LLMs and validate their outputs, including a local caching mechanism. All file system operations are confined to a `cache.json` file within the skill's directory, which is a legitimate use case. There are no external network calls, shell executions, or attempts to access sensitive system resources. The `SKILL.md` provides benign usage instructions, and the code lacks any indicators of data exfiltration, malicious execution, persistence, or prompt injection against the OpenClaw agent itself. The direct embedding of user input into the LLM prompt by `formatPrompt` is a standard prompt engineering technique and does not constitute a vulnerability or malicious intent within the skill's own execution.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used, previous answers may remain on disk and could be reused later, including stale or unintended content.

Why it was flagged

The code can store answers in a persistent local cache keyed from the question, creating reusable state across invocations.

Skill content

const CACHE_FILE = path.resolve(__dirname, 'cache.json');
...
cache[key] = answer;
...
fs.writeFileSync(CACHE_FILE, JSON.stringify(cache, null, 2));

Recommendation

Document the cache behavior, provide a way to clear or disable it, and avoid caching private questions or sensitive answers.