Skill v1.0.0
ClawScan security
One-Click Task Dashboard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 2, 2026, 8:27 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The package largely does what its description says (build a local dashboard and install launchd jobs), but it contains developer-hardcoded paths and an automated publish/retry facility that can reuse your ClawHub CLI credentials — these behaviours are unexpected and warrant caution.
- Guidance
- This skill creates persistent launchd jobs (one to refresh the dashboard, one to run a local web server) and may read many files under your home directory to populate the dashboard. Before running it:
  1. Inspect scripts/*.sh and build_dashboard.py yourself; build_dashboard.py contains hardcoded paths such as /Users/dong/..., so it may read files you do not expect.
  2. If you only want the dashboard, do not run publish_to_clawhub.sh or setup_publisher_retry.sh; both call npx clawhub and may use your ClawHub auth to publish.
  3. Consider running setup_dashboard.sh in a disposable account or VM first to see what data is collected and served.
  4. If you proceed, check ~/Library/LaunchAgents for the created .plist files. To uninstall, unload each with launchctl bootout (the setup scripts load them with launchctl bootstrap) and then delete the .plist so it is not reloaded at the next login.
  5. If you have ClawHub credentials, do not run the publish/retry scripts unless you intend to publish; they attempt automated publishing and retries with your CLI auth.
Review Dimensions
- Purpose & Capability
- note: Most files and scripts match the stated purpose: build_dashboard.py aggregates OpenClaw cron and launchctl jobs, and setup_dashboard.sh installs two LaunchAgents (refresh and local HTTP server). However, the scripts that publish the skill to ClawHub (publish_to_clawhub.sh and publish_retry.sh / setup_publisher_retry.sh) are not needed to run a local dashboard and add publishing automation that users may not expect. build_dashboard.py also contains hardcoded developer paths (/Users/dong/...) that are not general-purpose and are inconsistent with a generic dashboard.
- Instruction Scope
- concern: SKILL.md instructs users to run setup_dashboard.sh, which creates persistent LaunchAgents and starts a local http.server bound to 127.0.0.1 (expected). However, build_dashboard.py reads many local files (OpenClaw cron output, Library/LaunchAgents plists, several specific logs under ~/.openclaw, and a hardcoded /Users/dong/... path). Those reads can surface local, possibly sensitive, data into the generated data.json served over localhost. The publish-related scripts call npx clawhub whoami/publish, and the optional retry agent repeatedly tries to publish; these go beyond dashboard creation and use the user's existing clawhub auth if present.
- Install Mechanism
- ok: There is no remote download/install step; this is an instruction-only skill with bundled scripts. The package itself invokes no external archives or unusual installers. The scripts call standard system tools (python3, launchctl, npx).
- Credentials
- concern: The skill declares no required env vars, but at runtime it uses system state and, if the user runs the publishing scripts, any existing CLI auth (npx + clawhub). The publish/retry scripts attempt to use the user's ClawHub CLI credentials via npx clawhub; this is not declared explicitly and could result in automatic publish actions under the user's account. build_dashboard.py reads specific local filesystem paths (including a hardcoded /Users/dong path) that are unrelated to the advertised generic dashboard and could leak local content into the dashboard.
- Persistence & Privilege
- note: The setup scripts write LaunchAgents to ~/Library/LaunchAgents and bootstrap them, creating persistent background jobs (a refresh every 5 minutes and an always-on local HTTP server). This is coherent with the stated goal of a resident dashboard, but the optional publisher-retry LaunchAgent creates a persistent periodic process that attempts to publish the skill every 30 minutes, a non-obvious persistent action with side effects if left enabled.
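As an added example (not code from the skill or from ClawHub's scanner), the following Python script performs guidance steps 1 and 4 and the Persistence check above on constructed sample input: it lists /Users/<other user>/... paths baked into a script, then inventories a LaunchAgents directory, flags agents whose command mentions clawhub, publish or http.server or that run on a StartInterval or KeepAlive, and builds the launchctl bootout command for each. The agent labels, the port and the sample script contents are assumptions; to audit a real account, point audit_launch_agents at Path.home() / "Library/LaunchAgents".

```python
from __future__ import annotations
import plistlib
import re
import tempfile
from pathlib import Path

# Absolute macOS home paths, e.g. /Users/dong/.openclaw/logs/cron.log.
# Group 1 is the account name; any account other than the auditing user's
# is a developer path baked into the script.
HOME_PATH_RE = re.compile(r"/Users/([A-Za-z0-9._-]+)(?:/[^\s'\"`)]*)?")


def find_foreign_home_paths(script_text: str, current_user: str) -> list[str]:
    """Distinct /Users/<other user>/... paths in a script, in order of appearance."""
    hits: list[str] = []
    for m in HOME_PATH_RE.finditer(script_text):
        if m.group(1) != current_user and m.group(0) not in hits:
            hits.append(m.group(0))
    return hits


def summarize_agent(plist_bytes: bytes) -> dict:
    """Pull the persistence-relevant keys out of a LaunchAgent plist."""
    p = plistlib.loads(plist_bytes)
    args = p.get("ProgramArguments") or ([p["Program"]] if "Program" in p else [])
    return {
        "label": p.get("Label", "<no label>"),
        "command": " ".join(args),
        "interval": p.get("StartInterval"),
        "keep_alive": bool(p.get("KeepAlive", False)),
        "run_at_load": bool(p.get("RunAtLoad", False)),
    }


def flag_agent(summary: dict, watch_words=("clawhub", "publish", "http.server")) -> list[str]:
    """Reasons a human should look at this agent before leaving it loaded."""
    reasons = []
    cmd = summary["command"].lower()
    for w in watch_words:
        if w in cmd:
            reasons.append(f"command mentions '{w}'")
    if summary["keep_alive"]:
        reasons.append("KeepAlive: always-on process")
    if summary["interval"]:
        reasons.append(f"StartInterval: reruns every {summary['interval']}s")
    return reasons


def audit_launch_agents(agent_dir: Path) -> list[dict]:
    """Inventory every *.plist in a LaunchAgents directory, with a removal command."""
    findings = []
    for plist_path in sorted(agent_dir.glob("*.plist")):
        s = summarize_agent(plist_path.read_bytes())
        s["path"] = str(plist_path)
        s["reasons"] = flag_agent(s)
        # bootout unloads the job; delete the plist too or it is reloaded at login.
        s["remove_cmd"] = f"launchctl bootout gui/$(id -u) '{plist_path}' && rm '{plist_path}'"
        findings.append(s)
    return findings


# --- constructed sample input (not the skill's real files) -------------------
SAMPLE_SCRIPT = '''#!/usr/bin/env python3
CRON_LOG = "/Users/dong/.openclaw/logs/cron.log"   # developer path
DATA_OUT = "/Users/dong/dashboard/data.json"       # developer path
MY_OUT = "/Users/alice/dashboard/data.json"        # the auditing user's own path
'''

SAMPLE_AGENTS = {  # labels and port are assumptions, not the skill's real values
    "com.example.dashboard.refresh.plist": {
        "Label": "com.example.dashboard.refresh",
        "ProgramArguments": ["/usr/bin/python3", "/Users/alice/dashboard/build_dashboard.py"],
        "StartInterval": 300,
    },
    "com.example.dashboard.serve.plist": {
        "Label": "com.example.dashboard.serve",
        "ProgramArguments": ["/usr/bin/python3", "-m", "http.server", "--bind", "127.0.0.1", "8000"],
        "KeepAlive": True,
        "RunAtLoad": True,
    },
    "com.example.publisher.retry.plist": {
        "Label": "com.example.publisher.retry",
        "ProgramArguments": ["/bin/bash", "/Users/alice/dashboard/scripts/publish_retry.sh"],
        "StartInterval": 1800,
    },
}


def demo() -> dict:
    """Run both checks against the constructed samples and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        agent_dir = Path(d)
        for name, content in SAMPLE_AGENTS.items():
            (agent_dir / name).write_bytes(plistlib.dumps(content))
        agents = audit_launch_agents(agent_dir)
    return {
        "foreign_paths": find_foreign_home_paths(SAMPLE_SCRIPT, current_user="alice"),
        "agents": agents,
    }


if __name__ == "__main__":
    result = demo()
    print("hardcoded developer paths:", result["foreign_paths"])
    for a in result["agents"]:
        print(a["label"], "->", a["reasons"] or ["nothing flagged"])
        print("   remove:", a["remove_cmd"])
```

Run the audit once before setup_dashboard.sh and once after; any plist that appears in the diff is the skill's, and the retry agent shows up as a StartInterval job whose command mentions publish.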
