Skill v1.0.0
ClawScan security
Exec Inspector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:36 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (inspect exec history) matches the actions it asks the agent to perform, but it instructs the agent to read sensitive local session logs and to create/start a persistent daemon without provenance or clear safeguards — this is coherent but potentially privacy-exposing and therefore suspicious.
- Guidance
- This skill is coherent for the purpose of inspecting agent exec logs, but it asks you to read broad session logs and to create a persistent monitor — both can expose sensitive commands, output, or metadata. Before installing or running anything:
  1) Inspect the exact script contents that the SKILL.md would write (open the exec-history.sh and exec-monitor-daemon.sh snippets) — do not run them blindly.
  2) Run read-only commands yourself first (e.g., manually grep/jq a single session file) to confirm what data is present.
  3) Avoid starting the daemon until you are sure you want continuous local monitoring; prefer one-time queries.
  4) Ensure session files do not contain secrets (passwords, tokens, private keys) and restrict file permissions if needed.
  5) Ask the skill author for provenance (homepage, source repo) and a minimal mode that redacts outputs and omits token/usage fields.
  If you cannot verify the scripts' origin or contents, do not enable the persistent monitor.
Review Dimensions
- Purpose & Capability
- note: The SKILL.md clearly intends to inspect OpenClaw agent exec history stored under ~/.openclaw/agents/main/sessions and to provide listing, search, stats, and a daemon for live monitoring. That functionality aligns with the name 'Exec Inspector'. However, the package has no description/homepage/provenance and the skill instructs creating scripts in the user's home — the lack of metadata reduces trust.
- Instruction Scope
- concern: Runtime instructions tell the AI to execute shell commands that read session JSONL files (e.g., grep/jq over ~/.openclaw/agents/main/sessions/*.jsonl) and to create/start a background monitoring daemon that will output every exec invocation in real time. Those logs can contain full commands, command outputs, model/provider metadata, and token/usage fields. The SKILL.md also directs the agent to immediately run these commands when triggered (not just show how), which increases the risk of inadvertent disclosure or persistent monitoring. There are no instructions to sanitize, filter, or limit sensitive fields.
- Install Mechanism
- note: There is no formal install spec (the skill is instruction-only), so nothing will be fetched by the platform. However, SKILL.md includes shell snippets that create scripts under ~/.openclaw/scripts (e.g., using cat > ...). Although not an 'installer', these instructions will write persistent files and start services if followed — this is an operational risk even without a download URL.
- Credentials
- concern: The skill declares no required env vars or credentials, but it instructs the agent to read session files that can include sensitive data (commands with secrets, command outputs, provider/model usage, token usage metadata). Asking to access broad session logs is plausible for an inspector, but the breadth of data accessed (including command arguments and outputs) is high relative to a minimal 'list of recent commands' feature and is not constrained or justified in SKILL.md.
- Persistence & Privilege
- concern: The skill recommends creating and starting a background daemon (~/.openclaw/scripts/exec-monitor-daemon.sh start) that will continuously output exec invocations. That introduces a persistent monitor in the user's environment. The registry flags show always:false, but the SKILL.md itself requests persistent background behavior — this combination increases the blast radius (continuous local monitoring) and should be treated cautiously.
