Skill v0.2.1

ClawScan security

OpenClaw Security Guard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 6:24 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what it claims (local regex-based audits) but has several implementation oddities — missing declared runtime requirement, a hard-coded Obsidian vault path, and filesystem-modifying install hooks — that warrant review before installing or running it widely.
Guidance
This skill appears to implement a useful local pre-publish/audit tool, but review it locally before running:
1) Ensure you have Node available (scripts rely on node but the skill metadata doesn't declare it).
2) Inspect write-obsidian-audit.mjs — it writes to a hard-coded path (/Users/m1/...) that likely belongs to the author; change it or delete that behavior before running to avoid unexpected writes.
3) The install-hooks.sh will create a script in $HOME/.openclaw/workspace — accept only if you want that helper installed.
4) Because the audit script reads files under whatever path you supply, avoid pointing it at sensitive system directories unless you intend to allow reading those files.
5) Prefer running the scripts in an isolated environment (container or throwaway account) and manually inspect the code (especially file-write locations) before giving the skill filesystem access.
If you want higher assurance, ask the author to remove hard-coded paths and to declare Node as a required runtime.

Review Dimensions

Purpose & Capability
note: The skill's name, description, and scripts align: it scans text/commands/URLs/paths and audits skill folders. One mismatch: the package includes Node and bash scripts but the registry metadata lists no required binaries; a legitimate skill should declare Node (and/or bash) as a dependency/runtime requirement.
Instruction Scope
concern: SKILL.md and scripts instruct the agent to read arbitrary target directories (audit-skill-dir) and to write audit notes to disk. write-obsidian-audit.mjs uses a hard-coded vault path (/Users/m1/Desktop/obsidianvault/ClawLite) which is a leak of the packager's local path and will attempt to write to that exact location when run — unexpected and undesirable. The install-hooks.sh writes a helper script into $HOME/.openclaw/workspace which modifies the user's home workspace; this is documented but is an automatic filesystem modification that users should be warned about.
Install Mechanism
ok: There is no remote download/install step; the skill ships its scripts in the package. That lowers supply-chain risk. The included install-hooks.sh does create a script in the user's $HOME, which is a local change but not a remote installation.
Credentials
note: The skill does not request any environment variables or credentials (good). However, scripts write into $HOME and a hard-coded absolute path to an Obsidian vault; the latter is unrelated to the stated purpose and appears to be a leftover developer path. No secrets are requested, but the auditing scripts will read files under whatever target directory is provided (expected for an audit tool).
Persistence & Privilege
note: always:false (good). The only persistent change is install-hooks.sh, which installs a helper script under $HOME/.openclaw/workspace — this is scope-limited to the user's workspace but it does modify the filesystem and create an executable helper. The skill does not attempt to modify other skills or global agent settings beyond that helper install.