Skill v1.1.0

ClawScan security

๐Ÿ“ ๆ–‡ๆกฃๆ‘˜่ฆๅคงๅธˆ ยท ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 5:43 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared behavior (local summarization, local storage under ~/.openclaw/summarize-pro, no external calls) aligns with its requirements, and there are no code/install artifacts; minor metadata and wording inconsistencies lower confidence.
Guidance
This skill appears internally coherent and does what it says: local summarization and local storage under ~/.openclaw/summarize-pro. Things to check before installing:
1) Verify the publisher: the homepage is missing, and the registry ownerId in the provided metadata differs from the _meta.json ownerId.
2) Be aware it will create and store summaries, history and templates in your home directory. These files are likely unencrypted, so avoid uploading highly sensitive documents unless you're comfortable with local storage.
3) The "calibration" step is vague; inspect the created files after first run to confirm no unexpected checks or external calls occur.
4) Because it's instruction-only, the principal risk is accidental disclosure from saved history; periodically inspect or clear ~/.openclaw/summarize-pro if you want to limit retention.
Findings
[no_code_files] expected: The regex-based scanner had no code to analyze and found nothing; this is expected for an instruction-only skill. Review SKILL.md because it is the runtime behavior.

Review Dimensions

Purpose & Capability
ok
Name/description match the instructions: it summarizes user-provided text locally. It only requests read/write permissions relevant to storing settings, history and saved summaries. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note
SKILL.md instructs the agent to create and use ~/.openclaw/summarize-pro and to store settings/history there, which is appropriate for a summarizer. The only vague item is the "惠迈校准框架" (Huimai calibration framework) quick calibration step, which says it will "detect environment compatibility" but gives no concrete checks; this is ambiguous but not obviously malicious. The file explicitly states no external network calls and all summarization is done by the model.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files. Nothing is downloaded or written outside the skill's own data directory per instructions.
Credentials
ok
No environment variables, credentials, or system-wide config paths are requested. The declared read/write permissions are proportional to managing local settings, history and templates.
Persistence & Privilege
ok
Does not request always:true and only writes to its own ~/.openclaw/summarize-pro directory. It does not attempt to modify other skills or system-wide agent settings.