Skill v1.1.0
ClawScan security
Openclaw Automation Recipes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 6:50 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: This is a collection of offline automation recipe templates that are internally consistent with their stated purpose, but they reference many external services and example destinations (S3, Telegram, Discord, publishing platforms) that you must configure and vet before use.
- Guidance: This skill is a set of example automation templates, not executable code. Before using: (1) Review and edit every recipe — replace example endpoints (s3://backup-bucket/, example.com, publish targets) with your trusted destinations. (2) Ensure the OpenClaw runtime is configured with credentials only for services you trust (AWS, Telegram bot tokens, Discord webhooks, DB credentials). (3) Be cautious when enabling backups or send actions: a misconfigured destination can leak data. (4) Treat the author contact (WeChat/Telegram) as an external monetized support channel — do not share secrets when requesting paid customization. If you want higher assurance, ask for details about how your OpenClaw installation stores and scopes service credentials and review the OpenClaw runtime's permission model before enabling these automations.
Review Dimensions
- Purpose & Capability (ok): The name/description (automation recipes) match the contents: 10 YAML recipe examples for triggers and actions. There are no unexpected required binaries, env vars, or installs for the stated purpose — the files are purely example configurations.
- Instruction Scope (note): SKILL.md provides example automation YAMLs (fetch, summarize, send, backup, publish, etc.). It does not instruct the agent to read arbitrary system secrets or run opaque code, but the recipes implicitly assume the OpenClaw runtime will perform network calls and access local paths (e.g., ~/.openclaw/data). The file content is templates rather than executable instructions issued by the skill itself.
- Install Mechanism (ok): No install spec and no code files are included (instruction-only). This minimizes direct supply-chain risk because nothing is downloaded or written by the skill at install time.
- Credentials (note): The recipes reference external services and destinations (S3 bucket, Telegram/Discord/DingTalk, databases, social platforms) but the skill declares no required environment variables or credentials. That is reasonable for templates, but you should be aware these automations will require you to supply credentials/configuration in the OpenClaw runtime; misconfiguration (e.g., leaving an attacker-owned s3:// URL) could lead to data exfiltration.
- Persistence & Privilege (ok): always is false and there are no instructions to modify other skills or system-wide settings. The skill does ask users to place files under ~/.openclaw/automations and restart OpenClaw, which is normal for a recipe set.
