Back to skill
Skillv1.0.0
ClawScan security
OpenClaw Codex GPT-5.4 Enable · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 6, 2026, 2:01 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's steps to patch ~/.openclaw/openclaw.json are coherent with its purpose, but there are a few inconsistencies and a risky recommendation (an external baseUrl) that you should review before applying the change.
- Guidance
- This skill documents a manual, configuration-layer way to enable openai-codex/gpt-5.4 and is otherwise coherent, but review two things before applying it: (1) the example JSON uses $OPENAI_API_KEY even though the skill doesn't declare any required env vars — ensure you understand which API key will be used and never paste secrets into shared or untrusted files; (2) the suggested baseUrl (https://chatgpt.com/backend-api) is a third-party gateway — unless you explicitly trust that endpoint, point the provider to your trusted gateway (for example an official API host) because model requests and keys could be routed off your system. Always back up ~/.openclaw/openclaw.json, test changes in a separate session, and verify that model traffic is going to a host you control or trust.
Review Dimensions
- Purpose & Capability
- noteName and description match the instructions: the skill documents how to add a provider/model/alias/fallback to ~/.openclaw/openclaw.json and verify with openclaw commands. Requiring the openclaw binary only is appropriate.
- Instruction Scope
- noteInstructions are scoped to editing the user's OpenClaw config and running openclaw CLI/ session_status. They do not ask to read unrelated system files. However the recommended provider baseUrl (https://chatgpt.com/backend-api) points model traffic to a third-party gateway — that is outside the skill's stated 'enable locally' reassurance and could send user data to an external service.
- Install Mechanism
- okInstruction-only skill with no install steps or code; nothing is written to disk by the skill itself beyond user-applied config edits. This is the lowest install risk.
- Credentials
- concernThe example JSON contains apiKey: "$OPENAI_API_KEY" but the skill's declared requirements list no environment variables. The skill therefore references a credential (OPENAI_API_KEY) without declaring it — a mismatch users should be aware of. Also, directing requests to a non-OpenAI domain (chatgpt.com) combined with an API key could cause sensitive model traffic or keys to be sent to third parties.
- Persistence & Privilege
- okSkill does not request persistent or elevated privileges and does not set always:true. The workflow edits only the user's ~/.openclaw/openclaw.json (user-level config) and provides a rollback procedure.