Skill v1.0.0

ClawScan security

wx-112 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 8:29 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, scripts, and instructions are consistent with a local self-improvement / logging helper for the OpenClaw workspace and do not request unrelated credentials or network installs.
Guidance
This skill looks coherent and local: it creates/maintains .learnings/* files and injects a small bootstrap reminder via an OpenClaw hook. Before installing, manually review the included scripts/handlers (activator.sh, error-detector.sh, extract-skill.sh, handler.js/ts) to confirm you are comfortable with: (1) copying files into ~/.openclaw/hooks (or your project) and enabling hooks, (2) the error detector reading CLAUDE_TOOL_OUTPUT (avoid enabling PostToolUse if you don't want tool output inspected), and (3) never logging secrets into .learnings. Prefer doing a dry-run with extract-skill.sh --dry-run and enabling only the UserPromptSubmit activator if you want minimal surface area. If you need the skill to operate across sessions (sessions_history / sessions_send), enable those features only in trusted environments and with explicit user consent.

Review Dimensions

Purpose & Capability
ok
Name/description (capture learnings, errors, corrections) match the provided files and instructions: .learnings/*.md, lightweight hooks, and small helper scripts. The included OpenClaw hook handlers and activator/error-detector scripts are appropriate for this purpose and for workspace-local logging.
Instruction Scope
ok
Runtime instructions focus on creating/maintaining .learnings files, injecting lightweight reminders at bootstrap, and optionally running local helper scripts. The scripts reference only CLAUDE_TOOL_OUTPUT (tool output supplied by the host agent) and workspace paths; they do not sweep unrelated system files, exfiltrate data, or call remote endpoints. The SKILL.md explicitly warns not to log secrets and recommends sanitization.
Install Mechanism
note
There is no formal install spec (no package download), which is low risk. However the skill includes local scripts and OpenClaw hook handlers that the user is instructed to copy into ~/.openclaw/hooks or project paths and enable. That is expected for this skill but users should manually inspect scripts before copying/executing them (standard local install surface).
Credentials
ok
The skill declares no required env vars, credentials, or config paths. The scripts read a single environment variable (CLAUDE_TOOL_OUTPUT) that is part of the agent hook contract — appropriate for the error-detector use-case. No unrelated secrets or broad credential access is requested.
Persistence & Privilege
ok
The skill does not request always: true and is user-invocable. Optional hook installation writes or injects workspace files (or virtual bootstrap files) only when the user chooses to enable hooks. The handlers only add reminders to bootstrapFiles and do not modify other skills' configs or system-wide settings beyond the explicit copy/enable steps described.