Skillv0.1.0

ClawScan security

Remind Me · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 10, 2026, 12:31 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill’s code, runtime commands, and required binaries all match the stated purpose (creating/listing/canceling channel‑scoped reminders) and there are no unexplained credentials, network endpoints, or risky install steps.
Guidance: This skill appears to be what it claims: a channel-scoped reminder/cron helper that uses the OpenClaw CLI. Before installing, confirm the host environment actually provides the 'openclaw' CLI and that the agent is permitted to call it. Note two practical considerations: (1) the service lists all cron jobs (cron list --all) then filters by a tag — if the gateway returns other jobs or verbose errors the skill might surface unrelated data in error messages, so check what the gateway's cron list output contains in your environment; (2) the SKILL.md insists the agent auto-read channel/chatId from session context and never ask the user — ensure your platform's session object exposes only the expected identifiers and you’re comfortable with the agent accessing them. If those points are acceptable, the skill is coherent and proportionate to its stated purpose.

Review Dimensions

Purpose & Capability: okName/description, required binaries (uv, openclaw), and the included Python scripts consistently implement scheduling via the OpenClaw CLI (cron add/list/rm). Asking for channel + chatId from session context is consistent with delivering reminders to the originating chat.
Instruction Scope: noteSKILL.md clearly instructs the agent to auto-detect channel/chatId from session context and to call the included script via 'uv run' with those values. This stays within the stated purpose. Minor caution: the skill calls the gateway to 'cron list --all' and then filters results; if the gateway returns other jobs or verbose output, error messages could include unrelated data. The instructions also use an absolute workspace path (/root/.openclaw/...) which is platform-specific but not malicious.
Install Mechanism: okNo install spec or external downloads are present; the skill is instruction-plus-source and runs the bundled Python script via the platform 'uv' runner. No remote code fetch or archive extraction is requested.
Credentials: noteThe skill requires no environment variables or external credentials. It does require access to the session context (channel/chatId) which is appropriate for scoped reminders. This is proportional, but you should be aware the agent is instructed to read session context values (not to ask the user) — verify your platform's session object only exposes the expected chat metadata.
Persistence & Privilege: okThe skill does not request 'always: true', does not persist or modify other skills' configs, and requires only normal runtime invocation. Autonomous invocation remains enabled (platform default) which is expected for skills of this type.