Skill v1.1.0
ClawScan security
Bailian Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 23, 2026, 8:17 AM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to do what it claims (perform real‑time web search via Alibaba Bailian/DashScope) and only requests the DashScope API key, but there are minor inconsistencies and operational gaps you should be aware of before installing.
- Guidance
- Before installing: (1) Verify the skill source/author (ownerId is not a recognizable publisher). (2) Review search.sh yourself — it only contacts dashscope.aliyuncs.com and reads DASHSCOPE_API_KEY. (3) Ensure Python's 'requests' library is available on the host (pip install requests) or the script will fail; the package does not declare this dependency. (4) Prefer storing the API key in a secure secrets manager rather than plain ~/.bashrc; if you use 'openclaw config set', confirm where OpenClaw persists that value and who/what can read it. (5) If you are uncomfortable with persistent storage, use a temporary environment variable when invoking the skill. (6) The metadata unnecessarily lists 'curl' as required — this appears to be a small metadata bug rather than malicious behavior. If you need higher assurance, ask the publisher for a trusted source URL or sign-off and consider running the skill in an isolated environment the first time.
Review Dimensions
- Purpose & Capability
- note: Name/description align with the required environment variable (DASHSCOPE_API_KEY) and network endpoints (dashscope.aliyuncs.com). However, SKILL.md and metadata list 'curl' as a required binary even though the shipped search.sh invokes python3 only; conversely the Python code depends on the third‑party 'requests' library which is not declared in the metadata. These are inconsistencies (likely oversights) but not directly malicious.
- Instruction Scope
- ok: Runtime instructions are limited to reading the DASHSCOPE_API_KEY, opening SSE connections to Bailian endpoints, and returning results. The SKILL.md does not instruct reading other system files or unrelated credentials. One minor mismatch: SKILL.md claims "No data is stored or logged by this skill," but the script prints SSE events and error details to stderr (which could expose event contents in logs).
- Install Mechanism
- ok: No install spec (instruction-only skill + code file). No remote downloads or installers are invoked by the skill itself, reducing install-time risk. Files are included in the package (search.sh, SKILL.md, etc.).
- Credentials
- note: The skill requires a single credential (DASHSCOPE_API_KEY), which is appropriate for a web‑search integration. Caveats: SKILL.md suggests storing the API key in a shell profile or via 'openclaw config', both of which are persistent choices; ensure you understand where OpenClaw stores that config and who/what can read it on your system.
- Persistence & Privilege
- ok: The skill does not set always: true, does not request elevated privileges, and does not modify other skills or global agent settings. It is user‑invocable and may be invoked autonomously by the agent (default behavior).
