Skill v1.0.0
ClawScan security
openclaw audit trail · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 12:10 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested capabilities and runtime instructions are consistent with an on-device audit-trail tool; it asks for no credentials or unusual access and its install method (npm/git) matches the stated Node.js package usage.
- Guidance: This skill appears internally consistent with an on-device cryptographic audit trail. Before installing, review the actual npm/GitHub package contents (the SKILL.md instructs npm install / git clone) to confirm there is no unexpected network behavior or additional dependencies. Be aware the tool records whatever inputs you send it — avoid recording highly sensitive secrets (private keys, unredacted PII) unless you have a secure local storage and retention policy. If you plan to enable features like PostgreSQL or automatic uploads in future releases, audit those code paths and any endpoints they contact. If you need higher assurance, inspect the package source, check the repository commit history, and prefer installing from a pinned release (GitHub release tarball or specific npm version).
Review Dimensions
- Purpose & Capability: ok. Name/description (immutable audit trail for agent decisions) align with the instructions and examples: recording prompts, reasoning, outputs, SHA-256 hash chaining, local JSON/SQLite storage and exports. There are no unrelated credentials, binaries or config paths requested.
- Instruction Scope: ok. SKILL.md/readme instruct the agent (or developer) to install and run a CLI/library that records decisions, verifies chains, lists and exports entries. The instructions do not direct the agent to read unrelated system files, harvest environment secrets, or send data to external endpoints. Example code shows recording potentially sensitive content (emails, loan data) but that is expected for an audit tool; users should be aware data recorded is stored locally by default.
- Install Mechanism: note. The registry has no formal install spec (instruction-only), while SKILL.md advises installing the package via npm or git clone. This is expected for a Node.js CLI/library, but it means the actual code is fetched at install time from npm/GitHub outside the registry — a normal but reviewable step. No obscure download URLs or extract-from-IP addresses are present in the docs.
- Credentials: ok. No required environment variables or credentials are declared in the registry metadata. The docs show optional env vars (AGENT_ID, STORAGE_PATH, AUTO_VERIFY, ENABLE_SIGNATURES, etc.) that are proportional to a local audit tool and are not sensitive by default. No unrelated tokens/keys/passwords are requested.
- Persistence & Privilege: ok. Skill is instruction-only and not marked always:true. Autonomous invocation (disable-model-invocation=false) is the platform default and acceptable here. The skill does not request system-wide configuration changes or access to other skills' credentials.
