v0.1.20

Skill Downloader

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:43 AM.

Analysis

This is a coherent review-first helper for finding and installing OpenClaw skills, with the main user-visible risk being that approved installs or updates can change future agent behavior.

Guidance: This skill appears safe for its stated purpose, but installing or updating skills changes what your agent can do later. Review the candidate skill details, avoid proceeding on minimal information, and give explicit approval only when you trust the source and destination.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low. Confidence: High. Status: Note.
SKILL.md
Do not install or update anything without explicit user approval. When installing or updating:
- use the requested destination (`~/.openclaw/skills/` for global or `{workspace}/skills/` for local by default)

The skill can direct writes or updates to persistent skill directories, but the artifact clearly scopes the destinations and requires explicit approval.

User impact: If the user approves an install or update, the agent may add or change skills that affect later OpenClaw behavior.
Recommendation: Approve installs only after reviewing the candidate skill, and prefer a workspace-local install when testing unfamiliar skills.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
references/advanced-workflows.md
Primary sources:
- ClawHub
- GitHub `anthropics/skills`
- skills.sh

The workflow intentionally discovers candidates from external registries or repositories, which is expected for this purpose but makes candidate provenance and review important.

User impact: A third-party or outdated candidate skill could be installed if the user approves it without enough review.
Recommendation: Prefer official registry inspection, treat partial or minimal metadata cautiously, and review source material before approving installation.