Skill v1.0.1

ClawScan security

OpenClaw Session Reply Debug & Model Fallback · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 6, 2026, 5:23 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions are consistent with its stated purpose: diagnosing OpenClaw reply failures and safely switching model references (with probe + fallback); it reads and updates local OpenClaw config/session files and probes provider endpoints using credentials already stored in openclaw.json.
Guidance
This skill appears coherent and does what it claims, but exercise normal caution before applying changes:
1) Run the scripts without --apply first (dry-run) to see planned edits.
2) Inspect the generated backups (.bak.<timestamp>) before overwriting.
3) Review openclaw.json and ensure provider.baseUrl is the expected upstream and you trust that endpoint — the scripts will use the apiKey stored there to perform probe requests.
4) If you plan to run via heartbeat/cron, verify the exact command the cron will run and that you want automatic periodic re-probing and potential reconfiguration.
5) Only run --apply on machines you control, and keep backups of your OpenClaw data if you need to be extra cautious.

Review Dimensions

Purpose & Capability
ok
The name/description (diagnose no-reply and switch models with fallbacks) aligns with the included scripts and runbook. The scripts read openclaw.json, session caches and logs, probe provider endpoints, and rewrite model references — all actions you would expect for a model-switching/diagnostic tool.
Instruction Scope
ok
SKILL.md explicitly instructs reading session JSONL, openclaw.json, and runtime logs, running provider probes, and invoking the provided JS scripts (dry-run vs --apply). Those instructions stay within the stated troubleshooting and switching scope; they do not request unrelated secrets or system-wide data beyond OpenClaw files and provider probes.
Install Mechanism
ok
There is no install spec or external download; the skill is instruction-only with local JS scripts included. No packages are fetched during install, so there is no external-install risk from package downloads.
Credentials
ok
The scripts read provider configuration (baseUrl and apiKey) from $HOME/.openclaw/openclaw.json and use that to probe model endpoints — this is proportional to probing provider availability. The package does not request additional environment variables or credentials beyond the existing OpenClaw config.
Persistence & Privilege
ok
The skill does not force permanent inclusion (always:false). The scripts will modify local OpenClaw config and session files when run with --apply and create timestamped backups; that file-write behavior is expected for a model-switching tool. Heartbeat/cron integration is advisory and reuses OpenClaw's mechanisms rather than installing daemons.