Skill v1.5.0
ClawScan security
Travel Lobster · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 7, 2026, 3:22 AM)
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's declared requirements and runtime instructions are consistent with an autonomous web-exploration postcard generator; it asks only for the OpenRouter API key (for image generation) and uses openclaw for scheduling and workspace files for persistent memory.
- Guidance
- This skill is internally coherent, but review and consider these practical points before installing:
  - Cost & volume: The skill schedules repeated autonomous trips and documents per-postcard costs (~$0.03–0.06). At default intervals (60–180m) this can become continuous daily spend and many outbound messages. Adjust min/max intervals or run in test mode first.
  - Local file access: setup.sh auto-reads IDENTITY.md, USER.md, and SOUL.md to personalize postcards and will create/write memory/travel-journal.md and a .travel-config in the skill dir. If those files contain sensitive info you don't want the skill to use or propagate to chat, remove or sanitize them first.
  - API key usage: The skill requires OPENROUTER_API_KEY for image generation. Provide a key with usage limits or monitoring (do not reuse high-privilege keys) and be aware that the key will be used by gen_image.py to call openrouter.ai.
  - Persistent scheduling: The skill uses openclaw cron to schedule runs and offers an optional watchdog cron entry. If you do not want long-running autonomous behavior, do not add the watchdog to system crontab and inspect cron jobs with 'openclaw cron list' before and after starting.
  - Inspect the scripts: The included scripts are readable shell/Python files; review them (they are short) to confirm you are comfortable with their read/write paths and logging. The image client expects a particular response format from openrouter.ai (it may fail if the API returns a different shape), but this is an operational bug risk, not a security mismatch.
  - Testing recommendation: Run setup.sh and a single run of travel.sh pointing at a test chat you control and with large min/max intervals (e.g., 1440–2880 minutes) to verify behavior, output files, and costs before enabling frequent autonomous runs.
  
  If you accept these tradeoffs (personalization via local files, one external API key, and autonomous scheduling), the skill's requests and behavior are coherent with its stated purpose.
Review Dimensions
- Purpose & Capability
- ok: Requested binaries (bash, python3, envsubst, openclaw) and the OPENROUTER_API_KEY align with the described behavior: openclaw schedules/launches agent sessions, python3 runs image generation, envsubst fills the prompt. No unrelated credentials or binaries are requested.
- Instruction Scope
- note: SKILL.md and references explicitly instruct the agent to read and edit a persistent journal in the workspace, to crawl publicly accessible websites (with an explicit forbid-list for private/internal IPs and authenticated services), generate images, and send messages to a chat. This is in-scope for the advertised persistent 'travel memory' feature, but it does mean the skill will read local workspace files (IDENTITY.md, USER.md, SOUL.md) and write memory/log files. The run loop also requires the agent to schedule its next run every trip (Step 7), which enforces persistent autonomous behavior.
- Install Mechanism
- ok: There is no install spec (instruction-only + small scripts), so nothing is downloaded or installed by the registry. The included scripts are plain shell and Python files; no external archives or untrusted download URLs are used.
- Credentials
- note: Only one secret is declared: OPENROUTER_API_KEY (primaryEnv) for image generation via OpenRouter/Gemini Flash, which matches the image-generation step. The skill does read local workspace files (names/timezone/language) and writes journal/config files under the workspace/skill directory; that local file access is reasonable for personalization but may surface personal info from USER.md/IDENTITY.md. No other unrelated credentials are requested.
- Persistence & Privilege
- note: always:false and autonomous invocation are standard. However, the scripts implement a self-scheduling loop (openclaw cron add) and an optional watchdog to restart the loop via crontab; Step 7 requires scheduling the next run every trip. This yields persistent autonomous runs that can produce many messages and charges over time (costs are documented). The skill does not modify other skills' configs or request excessive system privileges.
