Skill v1.0.5

ClawScan security

Config Security Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 12, 2026, 11:28 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and runtime instructions are consistent with a local, config-only OpenClaw security scanner; minor metadata and documentation inconsistencies should be resolved before trusting or automating it.
Guidance
This skill appears to be what it says: a local, static-config security scanner for OpenClaw. Before installing or automating it:
1) verify the package version and source (files show version 1.0.4 but registry metadata lists 1.0.5),
2) confirm whether OPENCLAW_CONFIG is intended to be required or optional (clawhub.json declares envRead but top-level metadata did not),
3) ignore/clarify the README line about optional external tools (lsof/ss) since the code avoids subprocesses,
4) run the scanner in a safe environment (or review scripts) and backup your configs before applying any remediation steps—the playbook marks service restarts and CLI actions as [OPERATOR], so those should be performed by an admin.
If you plan to allow the agent to invoke this skill autonomously, ensure you’re comfortable with it reading the listed config files and writing report files in your workspace.

Review Dimensions

Purpose & Capability
note
The skill claims to perform pure static analysis of OpenClaw configuration files and the Python scripts do exactly that: they read typical OpenClaw config paths, examine gateway/channel/tool settings, and produce findings. This capability aligns with the stated purpose. Minor mismatch: README mentions `lsof`/`ss` as 'optional' for port detection, but the SKILL.md, clawhub.json, and security_scan.py explicitly avoid subprocess/network use — this is likely leftover documentation and should be cleaned up.
Instruction Scope
ok
SKILL.md instructs the agent to read local config files, run the provided scanner or CLI wrapper, and produce reports; the scanner code only accesses declared config paths and the OPENCLAW_CONFIG env var. There are no instructions to access unrelated files, external endpoints, or to execute system commands.
Install Mechanism
ok
No install spec is provided (instruction-only entry point), so nothing is pulled from arbitrary URLs. The included packaging script writes tarballs to /tmp, which is normal for packaging. Overall install risk is low.
Credentials
note
Permissions declared in clawhub.json (read specific OpenClaw config paths, read OPENCLAW_CONFIG env var, write report files) map to the scanner's needs. However, the top-level registry metadata in the submission lists 'Required env vars: none' while clawhub.json and the scanner reference OPENCLAW_CONFIG — a metadata/documentation inconsistency. Confirm whether OPENCLAW_CONFIG is optional or required before granting env access.
Persistence & Privilege
ok
The skill is not force-included (always:false) and does not request elevated persistent privileges. It does not modify other skills' configs. Autonomous invocation is allowed (platform default) but not combined with broad or unusual access here.