Skill v1.0.0

ClawScan security

Context Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 14, 2026, 11:08 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description (monitoring and compressing context) is plausible, but the runtime instructions reference PowerShell scripts and CLI actions that are not included or declared, creating coherence and execution-safety concerns — inspect the actual scripts before installing.
Guidance
Do not install or enable this skill until you can review the actual scripts it references. Specifically:
1. Request the monitor.ps1 and compress.ps1 source and inspect them for any network calls, deletion of files beyond conversation data, or credential access.
2. Verify how '关键记忆' (key memories) is identified and that the retention logic is safe.
3. Confirm the environment will have PowerShell and the OpenClaw CLI, or adjust the instructions.
4. Avoid running Set-ExecutionPolicy Bypass persistently; prefer running PowerShell in a sandboxed session or using -ExecutionPolicy Bypass just for a single, reviewed script run.
5. If you cannot obtain or review the scripts, treat the skill as untrusted and do not schedule it as a cron job.
Because the source is unknown and the published bundle is missing the implementation, proceed with caution.

Review Dimensions

Purpose & Capability
Concern: The stated purpose (monitor and compress context to keep responsiveness) is coherent with the described behavior. However, SKILL.md lists monitor.ps1, compress.ps1 and config.json as part of the skill, yet the package contains no code files. The instructions also assume the presence of the OpenClaw CLI (openclaw cron add) and a PowerShell runtime without declaring them as requirements. That mismatch (a declared file structure but no provided scripts, and unstated binary dependencies) is inconsistent.
Instruction Scope
Concern: The instructions tell the agent/operator to execute local PowerShell scripts that would modify/compact conversation data and write logs. Because the actual scripts are not present in the bundle, you cannot verify what data transformations, retention logic for '关键记忆' (key memories), or external communications the scripts would perform. The guidance to set ExecutionPolicy to Bypass elevates risk (it permits running arbitrary PowerShell code). The SKILL.md is also vague about how it identifies and preserves '关键记忆'.
Install Mechanism
Note: This is an instruction-only skill with no install spec, which is a low install surface. However, the documentation implies files (scripts/config) should exist at workspace/skills/context-monitor/, yet they are not included. That discrepancy means the package as published is incomplete or expects out-of-band files, which is a red flag because missing files could be fetched or created later without review.
Credentials
OK: The skill does not request environment variables, credentials, or config paths. That is proportionate for a local context-monitoring task. Nonetheless, because the runtime scripts are absent, we cannot confirm whether the actual implementation would access secrets or other configs.
Persistence & Privilege
OK: The skill's always flag is false and the skill is not marked to modify agent/global configs (SKILL.md even warns not to change openclaw.json). No persistent install mechanism is declared. Still, the skill advises adding a cron job via the openclaw CLI (implying periodic autonomous runs), so ensure cron registration is what you expect before enabling.