Plugin v1.0.0

ClawScan security

OpenClaw Operations Bundle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 21, 2026, 1:21 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The bundle largely matches an OpenClaw operations toolkit but contains sloppy/ambiguous implementation details (hardcoded user paths, missing manifest scripts, and destructive commands) that warrant review before installing in production.
Guidance
Summary of what to check before installing:
- Review the scripts (scripts/release-tracker.py and openclaw-install.sh) line by line. Note that release-tracker.py attempts network calls to GitHub (expected) but also checks a hardcoded path (/home/marius/...) — fix or remove developer-specific paths.
- Back up your OpenClaw state (openclaw config, ~/.openclaw, credentials, sessions) before running anything — the SKILL.md explicitly contains destructive commands (rm -rf session paths, openclaw reset, security audit --fix).
- Verify the installer will copy files where you expect (it targets $HOME/.openclaw/workspace/skills) and will run python3 scripts and openclaw cron add; ensure the 'openclaw' CLI is the intended binary and that cron messages point to valid paths on your system.
- Confirm there are no missing referenced scripts in your intended install layout; the bundle manifest lists scripts that aren't present in the package, which may indicate packaging errors.
- Run in a staging environment first. If you accept it, run the installer interactively and inspect the cron jobs and copied files before granting it ongoing access.
- If anything looks unexpected (hardcoded usernames/paths, cron jobs pointing to /home/marius or /path/to), contact the package author or correct the scripts locally before deploying to production.

Review Dimensions

Purpose & Capability
note
The name/description match the included SKILL.md files and scripts: gateway ops, security, channel management, and release tracking. The included files and installer perform tasks consistent with an ops bundle (copying skills into ~/.openclaw, adding cron jobs, running release-tracker). However, there are oddities: release-tracker.py checks a hardcoded path (/home/marius/...) and the bundle manifest references scripts (scripts/security-audit.sh, scripts/channel-health.sh) that are not present in the package — this suggests sloppy packaging or assumptions about a specific developer environment.
Instruction Scope
concern
SKILL.md instructs reading config and credential directories (e.g., ~/.openclaw/credentials), modifying configs, adding cron jobs, and running destructive operations (rm -rf on sessions, openclaw reset --all, openclaw security audit --fix). These actions are within the claimed ops scope but are powerful/destructive; the package also contains hardcoded or user-specific paths and cron messages, widening scope and risk if run without review. The instructions also assume the 'openclaw' CLI exists and will be permitted to perform system-level changes.
Install Mechanism
note
No remote downloads or external install sources are used; the installer is a local bash script that copies skill directories into $HOME/.openclaw/workspace/skills and runs local scripts. That is lower risk than network installs, but the installer will execute python3 scripts (release-tracker.py sync) and call 'openclaw cron add'. Because files in the bundle reference missing scripts and hardcoded paths, the installer may fail or behave unexpectedly.
Credentials
ok
The package does not request any environment variables or external credentials in its metadata. Its runtime instructions legitimately require access to OpenClaw configuration, secrets, and credential files (via openclaw commands and direct file operations under ~/.openclaw). This access is proportional for an ops skill, but those operations are sensitive — the user should be aware that installing gives these scripts and instructions the ability to read and modify local OpenClaw secrets and sessions.
Persistence & Privilege
note
The installer and SKILL.md add cron jobs (via openclaw cron add) to run the release-tracker and health checks, creating persistent scheduled tasks. The bundle does not set always:true. Persistent cron entries are expected for a release-tracker but are a long-lived side effect that should be reviewed (verify cron targets, timing, and command paths) before installing.