v1.0.0

OpenClaw Skill Reviewer

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:08 AM.

Analysis

The skill is a coherent instruction-only reviewer, but it tells the agent to test scripts from skills under review without clear sandboxing or approval safeguards.

Guidance: Use this skill cautiously on unknown or third-party skills. It is fine as a review checklist, but do not let it run target-skill scripts directly unless you have inspected them and are using a sandbox or disposable environment.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: High | Confidence: High | Status: Concern
SKILL.md
**For skills with scripts:**
- Test scripts to ensure they work correctly
- Verify output matches expected format
- Check error handling

This directs the agent to execute or test scripts contained in the skill being reviewed, but the artifacts do not require sandboxing, prior static inspection, least-privilege execution, or user approval.

User impact: A buggy or malicious reviewed skill script could modify local files, access local data, or perform network actions if run directly during review.
Recommendation: Treat reviewed scripts as untrusted: inspect them first, run only in an isolated sandbox or disposable workspace, and get explicit user approval before executing any target-skill code.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
python3 /home/yupeng/.npm-global/lib/node_modules/openclaw/skills/skill-creator/scripts/package_skill.py <skill-path>

The validation workflow relies on a hardcoded, user-specific external script that is not bundled with this skill, so its provenance and behavior are outside the provided artifacts.

User impact: The command may fail on other systems or may run whatever file exists at that local path.
Recommendation: Use a declared, versioned OpenClaw validator or document how users should verify the local package_skill.py path before running it.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Example: If skill generates AGENTS.md templates, compare with `/home/yupeng/.openclaw/workspace/AGENTS.md`

The skill suggests using a local persistent agent/workspace instruction file as the reference source. This is purpose-aligned for template verification, but the path is hardcoded and may contain local context rather than a clean public specification.

User impact: A review could inadvertently rely on or quote private/local agent instructions as if they were general OpenClaw specifications.
Recommendation: Prefer bundled public specifications or a user-approved spec file path, and avoid copying private workspace content into review output.