Skill v0.1.0

ClawScan security

Openclaw Skill Marketplace · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 13, 2026, 6:08 AM)
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The package does what its name/description claim (a local skill marketplace that lists, searches, recommends and calls ClawHub to install/sync skills); nothing in the code requests unrelated credentials or hidden endpoints, but the documentation contains minor contradictory statements about external downloads and the scripts rely on npx (which will fetch code at runtime).
Guidance
This skill is internally coherent for a local marketplace: it lists/searches/recommends and relies on the ClawHub CLI to fetch and install skills. Before using it: 1) Understand that install/sync commands call 'npx clawhub' which will fetch and run code from the npm/ClawHub ecosystem — only run if you trust ClawHub and the npm package. 2) Review the bundled scripts (they are included) and verify ~/.openclaw/workspace/skills permissions. 3) Note the documentation is slightly inconsistent about external downloads; assume network activity when running sync/install. 4) If you want stronger assurance, inspect the @openclaw/clawhub package source (or pin a specific verified version) before running npx, and run the install/sync commands in a restricted/testing environment first.

Review Dimensions

Purpose & Capability
ok: Name/description match the included files: scripts implement browsing, enhanced search, recommendations, syncing from ClawHub, and installing via the ClawHub CLI. The required resources (reading ~/.openclaw/workspace/skills, writing a synced-skills.json, calling npx clawhub) align with a skill marketplace.
Instruction Scope
note: Runtime instructions (SKILL.md and scripts) operate on local skill metadata under ~/.openclaw/workspace/skills and display/install items. They explicitly call external tooling via 'npx clawhub' for explore/install operations (sync/install will use the network). The instructions do not attempt to read unrelated system files or environment variables. The only scope confusion is a documentation claim that there is 'no external download' while the scripts and docs also acknowledge that npx/clawhub will download skills—this is a documentation inconsistency rather than hidden behavior.
Install Mechanism
note: There is no package-install spec (instruction-only skill) and all Python scripts are bundled. At runtime the scripts invoke 'npx clawhub ...' which will fetch/execute code from the npm registry (via npx) and download skills from the ClawHub registry. This is expected for a marketplace but means remote code will be pulled at runtime via npx rather than being fully self-contained.
Credentials
ok: The skill declares no environment variables, credentials, or config paths beyond using the user's home directory (~/.openclaw/workspace/skills). The level of access (reading skill SKILL.md files and writing synced-skills.json plus installing into the skills directory) is proportional to a marketplace/installer tool.
Persistence & Privilege
ok: Skill is not marked always:true and does not modify other skills' configurations beyond installing new skill folders under ~/.openclaw/workspace/skills. It writes a synced-skills.json into its own config folder. No privileged/system-wide changes are requested.