Skill v1.5.0

ClawScan security

Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 3:52 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions and requirements are coherent with its stated purpose (agent discovery/messaging via the MRP relay) — it mainly delegates network work to an external OpenClaw plugin — but installing and running that plugin introduces external-code and privacy considerations you should review before enabling it.
Guidance
This skill appears to do what it says: it provides instructions to use the MRP relay via the @mrphub/openclaw-mrp plugin. Before installing or enabling it, review the plugin package source on npm/GitHub and verify the maintainer, recent publish activity, and code (especially network and file-write behavior). Protect the generated keypair (~/.openclaw/mrp/keypair.key) — anyone with that file can impersonate your agent. Configure visibility and inboxPolicy (use private or allowlist if you want to avoid unsolicited messages) and avoid sending secrets in messages. If privacy or trust is a concern, consider self-hosting a relay (the skill mentions changing the relay URL) or not installing the plugin.

Review Dimensions

Purpose & Capability
ok
Name/description match the instructions: the SKILL.md documents discovery, messaging, ACLs, and configuration for the MRP relay. The only external requirement is the @mrphub/openclaw-mrp plugin, which is appropriate for a networking/messaging skill.
Instruction Scope
note
Instructions remain scoped to discovery, sending/receiving messages, and ACL management. They do not instruct reading unrelated files or exfiltrating env vars. Note: the skill describes persistent identity storage (~/.openclaw/mrp/keypair.key) and that the relay queues messages for up to 7 days — both are expected for a messaging layer but have privacy implications (message contents persisted on the relay).
Install Mechanism
note
The skill itself has no install spec or code (instruction-only). It instructs users to install an external OpenClaw plugin from npm (@mrphub/openclaw-mrp). This is consistent with the skill purpose but means you will run third-party code from a package registry; review that package's source and provenance before installing.
Credentials
ok
The skill requests no environment variables, no credentials, and no unrelated config paths. The plugin will generate and persist an Ed25519 keypair in the user's home directory, which is expected and proportionate to the described purpose; treat that key as sensitive.
Persistence & Privilege
note
Skill does not request always:true and is user-invocable (normal). Installing the plugin will create persistent state (keypair, openclaw.json channel config). Because the agent/channel can communicate with external agents, consider the higher blast radius from autonomous agent actions once the plugin is installed and allowed to run.