Plugin v1.2.2

ClawScan security

Abel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 5:15 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The package largely does what its description says (graph-based causal reads, routing, and auth) but there are important inconsistencies and surprising touches you should review before installing — especially around credential handling and external endpoints.
Guidance
Key things to consider before installing:

- Credential handling: The skill expects you to supply and persist an ABEL_API_KEY (and may accept CAP_API_KEY) and will use it to call external Abel endpoints (cap.abel.ai, api.abel.ai). Only provide such a key if you trust that remote service and understand what access the key grants.
- Manifest mismatch: The registry metadata for this package did not declare required env vars, but the bundled SKILL.md files do. Ask the maintainer to update the package metadata to explicitly declare ABEL_API_KEY and the Python runtime requirement.
- External network calls: The included Python probes and CLI scripts will contact domains controlled by the author. This is expected for a remote-capability skill, but if you have strict data-exfiltration policies, review what data those probes send (API key, queries, probe payloads) and consider running them in an isolated environment first.
- Runtime dependencies: The package assumes a working Python/py3 runtime; there are many sizable Python modules included. There are no bundled dependency installers; ensure the environment has the needed libraries or test in a sandbox.
- Persisted config: The skill asks OpenClaw to store the API key under skills.entries.abel.apiKey. If you prefer not to persist secrets in agent config, consider supplying keys temporarily or using a scoped/limited API key.
- When in doubt: request the maintainer to (1) update registry metadata to list required env vars and binaries, (2) provide a clear list of endpoints and the exact scopes the API key grants, and (3) publish a minimal reproducible example showing what probe calls send to the network. If you cannot verify these, treat the skill as higher-risk and avoid storing long-lived credentials for it.

Review Dimensions

Purpose & Capability
concern: The skill's declared purpose (routing, auth, causal reads, strategy discovery) matches the included code and instructions: many Python probes and CLI scripts call an Abel CAP service and expect an ABEL_API_KEY. However, the registry metadata reported by the bundle (Required env vars: none; Primary credential: none) does NOT match the SKILL.md files, which explicitly require ABEL_API_KEY (and python / python3). That mismatch is an incoherence: the skill will need an API key and a Python runtime even though the manifest reported none.
Instruction Scope
note: SKILL.md and the reference docs instruct the agent to run bundled Python scripts (cap_probe.py, narrative_cap_probe.py, render_guard.py, etc.) and to call external endpoints (e.g., https://cap.abel.ai and https://api.abel.ai). They also instruct persisting the Abel API key into OpenClaw config (skills.entries.abel.apiKey) and to use local .env.skill as a fallback. All of these behaviors are consistent with the stated purpose, but they do mean the skill will read/write agent config and will transmit requests to external domains controlled by the skill author. The instructions do not ask the agent to read unrelated user files or other unrelated environment variables.
Install Mechanism
ok: There is no remote install/download step in the package (no install spec), so nothing is fetched from arbitrary URLs at install time. The bundle includes many Python scripts and modules that the agent may execute, but no pip/npm install instructions are provided; the SKILL.md expects a Python binary already present. That is coherent but means runtime may fail if required Python dependencies are not present; there is no installer that would pull code from untrusted hosts during install.
Credentials
concern: The skill requires an ABEL_API_KEY (and documents fallback variables like CAP_API_KEY) and expects the agent/OpenClaw to persist that API key into skills.entries.abel.apiKey. Requesting a single API key for the service it integrates with is proportionate; the concern is the manifest/registry metadata omitting this requirement. The skill also expects a Python runtime. No other unrelated credentials appear to be requested, but storing an API key into OpenClaw config is a privileged operation and you should confirm you trust the external service/domain before providing it.
Persistence & Privilege
note: The skill asks OpenClaw to persist the Abel API key into its own config path (skills.entries.abel.apiKey) so OpenClaw can inject ABEL_API_KEY at runtime. Persisting its own credential is expected for an auth-capable skill. The skill is always:false (not force-included), and no cross-skill config writes were observed. Autonomous invocation (model invocation enabled) is the platform default and is present here; that increases blast radius if the skill is malicious, but there is no evidence this skill abuses always:true or modifies other skills.