Skill v2.1.1

ClawScan security

Skill Reviewer Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 28, 2026, 2:04 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The SKILL.md content aligns with the stated purpose (skill review), but internal metadata mismatches and missing source/homepage make the package's provenance unclear.
Guidance
The skill's content appears to do what it claims (skill review) and has no install/secret requests, but the package metadata is inconsistent: _meta.json differs from the registry metadata (ownerId, slug, version) and there is no known source or homepage. Before installing or using this skill, ask the publisher to confirm the authoritative source and why the _meta.json differs. Prefer obtaining the skill from a verifiable homepage or registry entry, request a signed/verified package or checksum, and test the skill in an isolated sandbox. Do not grant sensitive credentials or system-level privileges to this skill until provenance is confirmed. If the publisher cannot explain the metadata mismatch, treat the package as untrusted.

Review Dimensions

Purpose & Capability
note: The skill's name, description, and SKILL.md instructions are coherent: they describe reviewing OpenClaw skills and the instructions stay within that scope. There are no declared binaries, env vars, or config paths that don't belong. However, the provided registry metadata (owner, slug, version) does not match values in _meta.json (different ownerId, slug, and version), which is a provenance/packaging inconsistency worth noting.
Instruction Scope
ok: SKILL.md is instruction-only and contains checklists, scoring rubrics, and examples for performing reviews. It does not instruct the agent to read arbitrary local files, fetch secrets, call unknown external endpoints, or run CLI commands on the host. The instructions remain within the stated review/validation scope.
Install Mechanism
ok: There is no install spec and no code files — this is the lowest-risk model (instruction-only). Nothing will be downloaded or written to disk by an installer from the skill itself.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. SKILL.md does not ask for secrets or external tokens. There are currently no indications of disproportionate credential requests.
Persistence & Privilege
ok: The skill does not request always:true and uses default invocation settings. It does not include install hooks or instructions to modify other skills or global agent settings. Autonomous invocation is allowed by platform default but is not itself a red flag here.