Skill v1.0.1
ClawScan security
Config Checkpoint · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 5:10 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions are coherent with its stated purpose (git-based checkpoints for OpenClaw config); it performs destructive git operations but includes safety checks and user confirmations. The only minor inconsistency is that it does not declare 'git' as a required binary.
- Guidance: This skill appears to do what it says: create and restore git checkpoints for your OpenClaw config. Before installing/using it:
  1) Ensure the agent runtime has git installed (the skill uses git but doesn't declare it).
  2) Keep a separate backup of ~/.openclaw (in case of accidental hard resets).
  3) Prefer targeted git add over git add -A to avoid committing secrets; follow the SKILL.md .gitignore and sensitive-file scan steps.
  4) When prompted for a hard reset, verify the file list carefully; a hard reset is destructive and irreversible.
  5) If you plan to allow autonomous agent actions, accept that the agent could run commits/resets; ensure prompts and confirmations are enforced and that the agent's permissions are limited to the intended config directory.
Review Dimensions
- Purpose & Capability (note): The skill's name and description match the actions described in SKILL.md (saving commits and rolling back via git), and the files and paths referenced (~/.openclaw and workspace/*) are appropriate for managing OpenClaw configuration. Minor inconsistency: the skill uses git commands but the metadata lists no required binaries; the skill should declare git as a requirement so operators know the runtime must provide git.
- Instruction Scope (ok): SKILL.md instructs the agent to run git operations (git status, git add, git commit, git reset) inside ~/.openclaw and to scan for sensitive files beforehand. The instructions do not direct data to external endpoints or request unrelated credentials. They explicitly require .gitignore checks and user confirmation for destructive actions; this keeps scope bounded to configuration versioning. The skill does include potentially destructive commands (git reset --hard), but it documents safeguards and confirmation steps.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code written to disk. This is low-risk from an installation perspective.
- Credentials (note): The skill requests no environment variables or credentials, which is proportional. However, it operates on the user's configuration directory (~/.openclaw) and will read and modify configuration and skill files; that file-system access is intrinsic to its purpose and should be expected. Operators should be aware the agent needs read/write access to those paths.
- Persistence & Privilege (ok): always:false and autonomous invocation allowed (disable-model-invocation:false). Autonomous invocation is normal; SKILL.md explicitly requires confirmation when acting autonomously for commits and mandates explicit confirmation for hard resets, which mitigates risk. No evidence the skill attempts to modify other skills' configs or to persist beyond its own instructions.
