Skill v1.0.1
ClawScan security
agents efficient workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 7:50 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and files are coherent with its stated purpose (agent-to-agent spawning plus local Markdown handoffs); it requests no credentials, performs no network installs, and only prescribes writing/reading local handoff files.
- Guidance: This skill appears to be what it says: it coordinates agents by spawning a targeted agent and exchanging local Markdown handoff files. Before installing or using it, consider: (1) The handoff directory (~/.openclaw/shared-handoffs/) will contain whatever agents write — do not store secrets, credentials, or PII there. (2) Restrict access to the directory (e.g., chmod 700) and regularly prune or encrypt handoffs if they contain sensitive artifacts. (3) Confirm your platform's sessions_spawn behavior and that only trusted agents can be spawned. (4) If multiple users share the machine, use per-user or access-controlled directories instead of a shared global path. (5) Monitor handoff files for unexpected content and keep retention policies. Overall the skill is internally consistent, but the usual filesystem and privacy hygiene is important.
Review Dimensions
- Purpose & Capability (ok): Name/description match the runtime instructions: the SKILL.md explains targeted sessions_spawn and local Markdown handoff files and includes a template. All required capabilities (filesystem handoffs and targeted agent spawn) are consistent with the stated goal.
- Instruction Scope (note): Instructions explicitly instruct agents to create and read handoff files under ~/.openclaw/shared-handoffs/ and to use targeted spawn paths. This is in-scope for the skill, but it does grant agents filesystem read/write access to a user directory — a privacy/data-exposure risk if sensitive content is stored there. The SKILL.md does not instruct reading other unrelated system paths or environment variables.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. No downloads, packages, or binaries are requested, so there is minimal install-time risk.
- Credentials (ok): The skill declares no environment variables, no credentials, and no config paths beyond the suggested handoff directory. The requested access (local handoff files) is proportional to its purpose.
- Persistence & Privilege (ok): always:false and no special persistence or system-wide configuration changes. The skill does not request permanent inclusion or elevated privileges over other skills.
