Plugin v0.1.2
ClawScan security
Skill Creator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 31, 2026, 3:40 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, scripts, and runtime instructions are coherent with its stated purpose (scaffolding and validating OpenClaw skills); it does not request credentials or exotic installs, but it does assume and write to a specific filesystem path, so review scripts before running them.
- Guidance: This skill appears to do what it says: scaffold and validate OpenClaw skills. Before running: (1) inspect the two Python scripts locally to confirm they match the provided sources (they are simple and benign-looking), (2) be aware they read/write under /home/ubuntu/skills — adjust SKILLS_BASE_PATH if you use a different environment or want to avoid writing to that path, (3) run scripts with a non-privileged account or in an isolated environment if you have concerns, and (4) validate that sending the generated SKILL.md via your platform's message/frontend flow is acceptable for your data policy. If anything in the scripts differs from the bundle, stop and investigate further.
Review Dimensions
- Purpose & Capability: ok. Name/description match the contents: SKILL.md, references, and two helper scripts (init_skill.py, quick_validate.py) implement scaffolding and validation for creating OpenClaw skills. Required env vars/binaries are none, which is proportionate for a documentation + helper-script bundle.
- Instruction Scope: note. SKILL.md and the bundled scripts instruct the agent or operator to read/write under /home/ubuntu/skills and to run the included Python scripts. This is expected for a skill-initializer/validator, but it means the skill will read and create files in that specific path (and the validator reads SKILL.md frontmatter). The SKILL.md also references packaging/sending SKILL.md via a 'message' tool (frontend delivery) which is a normal workflow but results in the skill file being transmitted to the frontend.
- Install Mechanism: ok. No install spec and no network downloads; this is an instruction-only bundle with bundled scripts. Nothing writes arbitrary external code at install-time and the included scripts are plain Python source.
- Credentials: ok. The skill declares no environment variables or credentials. The only notable environmental assumption is the hard-coded SKILLS_BASE_PATH (/home/ubuntu/skills) used by both scripts; this is a usability/portability choice rather than a request for secrets.
- Persistence & Privilege: ok. 'always' is false and model invocation is allowed (platform default). The skill does not request persistent elevated privileges or attempt to modify other skills/configs. It writes only under its intended skill directory when run.
