Skill v1.0.0
ClawScan security
openclaw intent router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 13, 2026, 10:24 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description and runtime instructions broadly match an intent-routing npm package, but there are small inconsistencies and a reliance on external package installs (npm/GitHub) without the registry packaging the code. Verify the upstream package/repo before installing.
- Guidance: This registry entry is an instruction-only README for an npm package, not the package code itself. Before installing or running anything:
  1. Verify the npm package and GitHub repo URLs in the SKILL.md actually exist and are owned by the expected maintainer.
  2. Inspect the package source (or review the repo) for unexpected network calls, telemetry, or credential usage.
  3. Run `npm audit` and prefer installing into an isolated environment (container/VM) rather than globally.
  4. If you plan to use semantic embeddings, confirm whether the implementation uses local models or calls external embedding APIs (which would require credentials and change the risk profile).
  The current entry is not clearly malicious, but the mismatch (the registry has no source/homepage while SKILL.md points to external code) is a reason to verify before proceeding.
Review Dimensions
- Purpose & Capability
  - note: Name/description (intent router) align with the instructions and examples (Node package that registers/routes skills). However, the SKILL.md requires Node.js/npm while the skill package in the registry is instruction-only with no code. This is plausible (a documentation-only skill) but inconsistent with the expectation that a skill in the registry provides its own implementation or a homepage/source.
- Instruction Scope
  - note: SKILL.md stays on-topic (matching/routing, examples of registerSkill/route). It does instruct users to install an external npm package and clone a GitHub repo; it does not direct the agent to read unrelated system files or request secrets. Still, the document references optional semantic embeddings without explaining whether those call external APIs (a potential scope creep if implemented that way).
- Install Mechanism
  - note: There is no install spec in the registry (lowest risk), but the SKILL.md tells users to run `npm install` or `git clone` to obtain the package. Installing third-party npm packages or cloning repos can introduce code from external sources; verify the package publisher and inspect the code before running it. The suggested sources (npm/GitHub) are typical, but the registry entry does not include or link to the code, creating an audit gap.
- Credentials
  - ok: No environment variables, credentials, or config paths are requested by the registry. The SKILL.md also asserts 'no external API keys' and 'runs locally'. That claim is plausible for keyword-only routing; the semantic embeddings mentioned could require additional resources if implemented with external services, but no secrets are requested here.
- Persistence & Privilege
  - ok: Skill flags: always=false, user-invocable=true, normal autonomous invocation allowed. The skill does not request persistent system-wide privileges or modify other skills. No privilege concerns from the metadata.
