Skill v1.0.0
ClawScan security
Huo15 Openclaw Security Review · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 24, 2026, 2:35 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only code-scanning assistant that stays within its stated scope (static grep-like checks on git diffs/history) and requests no extra credentials or installs; its requirements and instructions are coherent with the described purpose.
- Guidance: This skill is internally coherent: it only does read-only static checks of git diffs/history and produces remediation advice, and it explicitly avoids destructive or network actions. Before installing, consider:
  1. Run it in a trusted environment (local clone or CI runner), because it will read the full git history and could surface secrets even if it claims to desensitize them.
  2. Confirm the agent's repository/file access is intentionally scoped and that no unrelated credentials are exposed to the agent runtime.
  3. Review the regex/signature rules for false positives or project-specific false negatives (whitelists may be needed).
  4. If you want extra safety, require manual approval before any suggested fixes are applied, and avoid granting the agent write permissions or external network access.
  If those precautions are acceptable, this skill appears appropriate for pre-merge/security review workflows.
- Findings: [no_code_files_or_binaries] expected: The regex-based scanner had nothing to analyze because this is an instruction-only skill (SKILL.md). That is expected for a skill that contains only runtime instructions.
Review Dimensions
- Purpose & Capability: ok · Name/description (static security review of pending changes) align with the actual behavior: the SKILL.md only describes reading git diffs/history, applying regex/signature checks, producing a report, and returning commands for the user to run. It does not request unrelated credentials or binaries.
- Instruction Scope: note · Instructions limit themselves to read-only analysis (git diff, grep, reading file contexts, scanning commit messages and history). This is appropriate for a security scanner, but be aware that reading git history can surface secrets and other sensitive data; the skill states desensitization rules and explicit 'hard red lines' (won't auto-revoke keys, won't exec npm audit, won't modify history), which reduces risk.
- Install Mechanism: ok · No install spec and no code files, the lowest-risk model for a skill. All actions are described as commands the agent should suggest/perform locally; nothing will be downloaded or written by the skill itself.
- Credentials: ok · The skill requires no environment variables, no credentials, and no config paths. Its checks (regexes, git history) do not imply needing cloud keys or unrelated service tokens, so requested access is proportionate to the purpose.
- Persistence & Privilege: ok · always:false, user-invocable, and no persistent/install behavior. The skill does not request permanent presence or modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with broad privileges here.
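The Guidance point about reviewing the regex/signature rules (false positives, whitelists) and the Instruction Scope note about desensitization both come down to how a grep-style pass over a diff behaves. The following is an added example written for this page; it is not ClawHub's scanner and not the Openclaw skill's own rules. It scans only the added lines of a unified git diff, suppresses hits that match a project allowlist, and masks every reported value so the report itself does not leak the secret. The signature set, the allowlist and the sample diff are all constructed for illustration (the `AKIAIOSFODNN7EXAMPLE` value is AWS's published documentation example key; every other value is made up).

```python
"""Added example for this page (not ClawHub's scanner and not the Openclaw
skill's rules): a grep-style signature pass over the added lines of a
unified git diff, with an allowlist for known false positives and
redaction of matched values before they reach the report."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Hypothetical, deliberately small signature set. A real rule set is larger
# and tuned per project; the generic rule captures the quoted value in group 1.
SIGNATURES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|token|api[_-]?key)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Project-specific allowlist (constructed): documented placeholders and test
# fixtures that must not be reported. This is the "whitelist" the guidance mentions.
ALLOWLIST = [
    re.compile(r"AKIAIOSFODNN7EXAMPLE"),  # AWS's published documentation example key
    re.compile(r"(?i)changeme|example|dummy|placeholder"),
]

HUNK_HEADER = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int       # line number in the post-change file
    redacted: str   # matched text with the secret value masked


def redact_match(hit: re.Match) -> str:
    """Mask the secret value (capture group 1 if the rule has one, else the whole
    match), keeping a 4-character prefix so a reviewer can still locate it."""
    secret = hit.group(1) if hit.re.groups else hit.group(0)
    masked = secret[:4] + "*" * (len(secret) - 4) if len(secret) > 4 else "*" * len(secret)
    return hit.group(0).replace(secret, masked)


def scan_diff(diff_text: str) -> list[Finding]:
    """Scan only '+' lines of a unified diff; removed lines are not re-reported
    and the line counter tracks the new-file side of each hunk."""
    findings: list[Finding] = []
    path = "?"
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith(("diff ", "index ", "--- ")):
            continue
        if raw.startswith("+++ "):
            target = raw[4:].strip()
            path = target[2:] if target.startswith("b/") else target
            continue
        header = HUNK_HEADER.match(raw)
        if header:
            new_line = int(header.group(1))
            continue
        if raw.startswith("-"):
            continue  # removed line: does not advance the new-file counter
        if raw.startswith("+"):
            for rule, pattern in SIGNATURES.items():
                for hit in pattern.finditer(raw[1:]):
                    if any(a.search(hit.group(0)) for a in ALLOWLIST):
                        continue  # known placeholder / fixture value
                    findings.append(Finding(rule, path, new_line, redact_match(hit)))
        new_line += 1  # added and context lines both advance the new-file counter
    return findings


def format_report(findings: list[Finding]) -> str:
    """Report that is safe to paste into a PR comment: no raw secret values."""
    if not findings:
        return "No signature hits in added lines."
    return "\n".join(f"{f.path}:{f.line} [{f.rule}] {f.redacted}" for f in findings)


# Constructed sample diff (not from a real repository).
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,2 +10,5 @@ DEBUG = False
 ALLOWED_HOSTS = ["example.org"]
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET = "AKIAABCDEFGHIJKLMNOP"
+db_password = "hunter2hunter2"
+api_key = "placeholder-value-xyz"
"""

if __name__ == "__main__":
    print(format_report(scan_diff(SAMPLE_DIFF)))
```

On the sample diff, line 11 (the AWS documentation key) and line 14 (a value containing "placeholder") are suppressed by the allowlist, while line 12 is reported twice (once by the AWS key rule, once by the generic assignment rule) and line 13 once; none of the report lines contains the raw value. The same allowlist mechanism is also where project-specific false negatives creep in if its patterns are too broad, which is why the guidance asks for the rules to be reviewed rather than trusted.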
