Skill v1.0.0

ClawScan security

windylam · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 6, 2026, 8:47 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and requested environment variables are coherent with its stated purpose of fetching Gmail ride receipts locally, extracting them via a local OpenClaw Gateway, storing results in SQLite, and exporting an anonymized CSV.
Guidance
This skill appears to do exactly what it says: it uses the gog CLI to fetch ride receipts from a selected Gmail account, stores the raw email JSON/HTML locally, sends that raw payload to a Gateway model running on localhost for extraction, and loads the extracted records into a local SQLite DB and an anonymized CSV. Before installing or running it:
(1) ensure you have, and trust, a local OpenClaw Gateway instance (the skill refuses non-local hosts);
(2) confirm you are comfortable with raw receipt HTML/JSON being written to data/ride-insights/emails.json and sent to the local model;
(3) protect OPENCLAW_GATEWAY_TOKEN and the ~/.openclaw/openclaw.json file;
(4) review and delete emails.json if you do not want the raw receipts to persist;
(5) ensure the gog CLI is authenticated only for the account(s) you intend to process.
If you need remote/external extraction or do not want raw emails written to disk, do not install or run this skill.

Review Dimensions

Purpose & Capability
ok
The name and description ask for Gmail receipt collection, local extraction, and CSV export. Declared binaries (gog, python3), required env vars (OpenClaw Gateway token/URL/model), and included scripts directly match that purpose. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
note
SKILL.md and the code clearly instruct fetching full receipt emails via the gog CLI and saving them to data/ride-insights/emails.json, then sending the raw per-email JSON/HTML to a local loopback Gateway (/v1/responses) for extraction. The skill documents and enforces asking the user for account selection and confirmation before extraction, and explicitly restricts Gateway hosts to localhost/127.0.0.1/::1. This behavior is expected for the stated purpose, but note that raw receipt HTML/JSON is sent to a local model and that emails.json persists on disk until deleted.
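The loopback restriction noted above is the control that keeps raw receipt payloads on the machine, so the way that host check is written matters. The following is an added example for this page, not the skill's own code: it enforces the allowlist the scan names (localhost, 127.0.0.1, ::1) on the parsed hostname rather than on the raw URL string, so userinfo tricks, look-alike DNS names and alternate IPv6 spellings are decided by urllib and ipaddress instead of by substring matching. The rejection cases in the docstring are constructed inputs.

```python
"""Loopback-only check for an OpenClaw Gateway URL.

Added example, not the skill's own code. Enforces the allowlist the scan
describes (localhost, 127.0.0.1, ::1) on the parsed hostname.
"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_NAMES = {"localhost"}
ALLOWED_ADDRS = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}


def loopback_host(url: str) -> str | None:
    """Return the normalized loopback host if url is allowed, else None.

    Constructed inputs that are rejected, and why:
      http://localhost@evil.example/   -> hostname is evil.example (userinfo trick)
      http://localhost.evil.example/   -> not an exact match for localhost
      http://127.0.0.1.nip.io/         -> a DNS name, not an IP literal
      http://127.1/                    -> shorthand literals are refused by ipaddress
      http://[::ffff:127.0.0.1]/       -> IPv4-mapped form is not in the allowlist
      file:///etc/passwd               -> scheme is not http(s)
    """
    try:
        parts = urlsplit(url)
    except ValueError:            # e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return None
    host = parts.hostname         # lowercased; userinfo, port and [] already stripped
    if not host:
        return None
    if host in ALLOWED_NAMES:
        return host
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:            # any other DNS name is refused
        return None
    # Compare as addresses so "0:0:0:0:0:0:0:1" and "::1" are the same thing.
    return str(addr) if addr in ALLOWED_ADDRS else None


def is_loopback_gateway(url: str) -> bool:
    """Boolean form of loopback_host, for use as a guard before any request."""
    return loopback_host(url) is not None


if __name__ == "__main__":
    for candidate in (
        "http://127.0.0.1:18789/v1/responses",
        "http://[0:0:0:0:0:0:0:1]:18789/v1/responses",
        "http://localhost@evil.example/",
        "http://127.0.0.1.nip.io/",
    ):
        print(f"{candidate!r:50} -> {loopback_host(candidate)}")
```

The check deliberately refuses anything it cannot prove is one of the three allowed hosts, including the rest of 127.0.0.0/8 and IPv4-mapped IPv6 forms; a user who genuinely needs those can widen ALLOWED_ADDRS knowingly, which is preferable to a check that is silently more permissive than the scan describes.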
Install Mechanism
ok
No remote installs, downloads or package installs are declared; this is an instruction-only skill with bundled scripts that rely on existing gog and python3 binaries. That is low-risk and proportionate to the task.
Credentials
ok
The declared environment variables (OPENCLAW_GATEWAY_TOKEN, OPENCLAW_GATEWAY_URL, OPENCLAW_GATEWAY_MODEL) are directly required for calling the local Gateway. The skill also accepts a local config fallback (~/.openclaw/openclaw.json), as documented. No unrelated secrets are requested.
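Because the token can arrive either from the environment or from ~/.openclaw/openclaw.json, the practical question for the user is how that fallback is resolved and whether the file is protected as the guidance asks. The following is an added example written for this page, not the skill's own code: it gives environment variables precedence per key, fills gaps from the config file, and refuses a config file that is group- or world-accessible or not owned by the caller. The three environment variable names and the file path are the ones the scan lists; the JSON layout assumed inside the file ({"gateway": {"token", "url", "model"}}) is an assumption made for this example, as is the gateway URL in the constructed sample config.

```python
"""Gateway credential resolution with a config-file hygiene check.

Added example, not the skill's own code. Env var names and the fallback
path come from the scan; the JSON layout {"gateway": {...}} is assumed.
"""
from __future__ import annotations

import json
import os
import stat
from pathlib import Path
from typing import Any, Mapping

CONFIG_PATH = Path("~/.openclaw/openclaw.json")

# env var name -> key inside the assumed "gateway" object of openclaw.json
GATEWAY_KEYS = {
    "OPENCLAW_GATEWAY_TOKEN": "token",
    "OPENCLAW_GATEWAY_URL": "url",
    "OPENCLAW_GATEWAY_MODEL": "model",
}


class ConfigError(Exception):
    """Raised when the config file is unsafe or a required setting is absent."""


def mode_is_private(mode: int) -> bool:
    """True when no group/other permission bits are set (0600- or 0400-style modes)."""
    return (stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def redact(secret: str) -> str:
    """Show only the last four characters of a token, for log lines."""
    if len(secret) <= 4:
        return "****"
    return "****" + secret[-4:]


def resolve_gateway_config(env: Mapping[str, str],
                           file_cfg: Mapping[str, Any] | None) -> dict[str, str]:
    """Environment wins per key; the file fills whatever the environment lacks."""
    from_file = (file_cfg or {}).get("gateway") or {}
    resolved: dict[str, str] = {}
    for env_name, key in GATEWAY_KEYS.items():
        value = env.get(env_name) or from_file.get(key)
        if value:
            resolved[key] = str(value)
    return resolved


def missing_gateway_keys(resolved: Mapping[str, str]) -> list[str]:
    """Env var names still unset after env + file resolution, in declaration order."""
    return [env_name for env_name, key in GATEWAY_KEYS.items() if key not in resolved]


def load_gateway_config(env: Mapping[str, str] | None = None,
                        path: Path = CONFIG_PATH) -> dict[str, str]:
    """Load settings, refusing an exposed or foreign-owned config file."""
    env = os.environ if env is None else env
    file_cfg = None
    p = path.expanduser()
    if p.exists():
        st = p.stat()
        if not mode_is_private(st.st_mode):
            raise ConfigError(
                f"{p} has mode {stat.S_IMODE(st.st_mode):04o}; tighten to 0600 before use")
        if hasattr(os, "getuid") and st.st_uid != os.getuid():
            raise ConfigError(f"{p} is not owned by the current user")
        file_cfg = json.loads(p.read_text(encoding="utf-8"))
    resolved = resolve_gateway_config(env, file_cfg)
    missing = missing_gateway_keys(resolved)
    if missing:
        raise ConfigError("missing gateway settings: " + ", ".join(missing))
    return resolved


if __name__ == "__main__":
    # Constructed sample: token from the environment, URL and model from the file.
    sample_file = {"gateway": {"token": "file-token-0000", "url": "http://127.0.0.1:18789",
                               "model": "local-extractor"}}
    cfg = resolve_gateway_config({"OPENCLAW_GATEWAY_TOKEN": "env-token-9f3a"}, sample_file)
    print({k: (redact(v) if k == "token" else v) for k, v in cfg.items()})
```

The mode check is intentionally a refusal rather than a warning: a token file readable by other local users is exactly the exposure the guidance warns about. The URL returned here still has to pass the skill's loopback restriction before any request is sent.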
Persistence & Privilege
ok
The skill writes local artifacts (emails.json, rides.json, rides.sqlite, exported CSV) under data/ride-insights and reads ~/.openclaw/openclaw.json for Gateway auth, as documented. The always flag is false, and the skill does not modify other skills or system-wide agent configs. Autonomous invocation is allowed by default, which is not exceptional here.