
ClawScan security

Clawl Register · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:36 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill mostly does what it says (generate a clawl.json from local agent metadata and ping an indexer) but contains a clear mismatch between the claimed Clawl endpoint and the actual default network target, and it will read local files and POST metadata to an external host — this combination is incoherent and warrants caution.
Guidance
Do not run this script until you confirm the network target and the exact data that will be sent. Specific recommendations:

- Inspect scripts/register.js locally (it's included) and search for CLAWL_API — note its default points to https://moogle-alpha.vercel.app, not https://clawl.co.uk as the docs claim. Ask the publisher why the default API differs.
- Run node scripts/register.js --json to only generate clawl.json and review its contents before any network activity.
- If you want to actually register with the official Clawl site, change CLAWL_API in the environment to https://clawl.co.uk (or modify the script to hardcode the official URL) and re-check the request path (/api/ping or /api/register).
- Consider running the script in an isolated environment (no network) to inspect the generated clawl.json and ensure no sensitive text from SOUL.md, IDENTITY.md, or openclaw.json is being included.
- If you did not obtain this skill from a trusted source, treat the default endpoint mismatch as a red flag and request provenance or a signed release from the skill author before allowing it to send data off-host.
- If you need help reviewing the exact POST payloads the script will send, provide the full (untruncated) script and I can point to the exact fields and code paths that build the payload.

Review Dimensions

Purpose & Capability
note
Name/description (register agent on Clawl, generate clawl.json) align with the script's behavior: it reads local agent metadata, enumerates installed skills, writes clawl.json and POSTs to an indexer. However, the SKILL.md repeatedly claims the indexer is at https://clawl.co.uk, while the script's default CLAWL_API is 'https://moogle-alpha.vercel.app' (overridable via process.env.CLAWL_API). This discrepancy is unexpected and unexplained.
Instruction Scope
concern
The instructions and script read multiple local files (OpenClaw config in home and cwd, SOUL.md, IDENTITY.md, and the local skills/ directory) and then POST generated metadata. Reading these files is coherent with producing a discovery manifest, but SKILL.md asserts the script 'never transmits API keys, tokens, or private data' and 'only public-facing metadata is shared' — that promise is hard to guarantee: descriptions extracted from SOUL.md/IDENTITY.md or values in openclaw.json could contain sensitive text, and the script will send whatever it includes to an external host. Also, the SKILL.md and help text reference pinging clawl.co.uk; the script targets the CLAWL_API host instead.
Install Mechanism
ok
No install spec — this is an instruction/script-only skill. That minimizes install-time risk (nothing is automatically downloaded/executed beyond the included script).
Credentials
concern
The skill declares no required environment variables, but the script honors process.env.CLAWL_API to select the network endpoint. That hidden/undeclared env var controls where data is sent. The script also reads HOME/USERPROFILE implicitly to find files. No credentials are required, but the ability to post local metadata to an arbitrary endpoint (via CLAWL_API) is disproportionate to the declared metadata (SKILL.md's guarantee that no private data is transmitted is not technically enforceable).
Persistence & Privilege
ok
Flags show always:false and user-invocable:true. The skill does not request persistent or elevated privileges and does not modify other skills or system-wide settings. It writes a local clawl.json file in the current working directory (expected behavior).