Skill v1.0.0
ClawScan security
OpenClaw Code Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 3:22 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, instructions, and included script are consistent with a read-only code-search tool and do not request unrelated credentials or installs.
- Guidance: This skill appears to be a straightforward, read-only code search wrapper around ripgrep/fd/tree. Before installing or using it:
  - (1) Ensure you trust the agent workspace path used in examples (/root/.openclaw/...) or change it to a safe directory — the script will read any path you give it and could expose sensitive files if asked to search system or home directories.
  - (2) The script checks for rg/fd/tree but does not install them automatically — DESIGN.md suggests curl downloads from GitHub releases if needed; only run those manual install commands if you trust the source and checksum.
  - (3) The shell script parses rg --json using awk in a simplistic way (not a security issue per se, but parsing could mis-handle edge cases).
  - (4) Autonomous agent invocation is allowed by default — if you want to limit when the agent can run filesystem searches, keep the skill user-invocable only or adjust agent policies.
  Overall the skill is coherent with its stated purpose, but avoid pointing it at directories containing secrets unless you intend to expose that data.
Review Dimensions
- Purpose & Capability: ok. Name/description (read-only code search) match the included files and runtime behavior: a shell wrapper around ripgrep (rg), fd, and tree. There are no unrelated environment variables, credentials, or config paths requested.
- Instruction Scope: ok. SKILL.md and the script direct the agent to run a local shell script which performs filesystem searches. The script only reads files and directories (search path is an explicit parameter or current dir). This matches the declared purpose. Note: the tool will read any path you point it at (including system or user dirs), so results may include sensitive files if the agent is asked to search those locations.
- Install Mechanism: ok. There is no automated install spec in the registry (instruction-only behavior). The included DESIGN.md provides manual install suggestions, including GitHub release tarball downloads and package-manager commands; those sources are standard project releases. Nothing is automatically downloaded or executed by the registry install step.
- Credentials: ok. The skill requires no environment variables, no credentials, and no special config paths. All required runtime tools are standard CLIs (rg, fd, tree) and are checked at runtime by the script — proportional to the stated functionality.
- Persistence & Privilege: ok. The skill is not marked always:true and does not request persistent system-wide changes. It does not modify other skills or global agent configuration. Autonomous invocation is allowed (platform default) but is combined with no extra privileges or credentials.
