ClawLine Setup Security Report — Low Risk | ClawSafe

15 /100

ClawLine Setup

通过对话一键安装并配置 ClawLine 手机 App 与 OpenClaw 的连接

ClawLine Setup skill is a configuration-only skill with no executable code present; documentation declares reasonable plugin/config management behavior but lacks implementation files to verify claims.

Skill NameClawLine Setup

Duration31.9s

Enginepi

✓

Safe to install

Verify actual implementation exists in the npm package @openclawline/clawline-setup before trusting with production systems. Review the npm package source code for any shell execution or credential access.

Findings 2 items

Severity	Finding	Location
Low	Documentation claims without implementation Doc Mismatch SKILL.md declares behaviors (install plugin, write UUID config, restart gateway, clear pairing) but no code files exist to verify these claims are actually implemented. `SKILL.md lines 5-22 describe functionality but scripts/ directory is absent` → Verify the actual implementation exists in the referenced npm package and matches declared behavior	`SKILL.md`
Info	External npm package dependency Supply Chain Skill depends on @openclawline/clawline-setup npm package but no package.json or lock file present to verify version/pinning `openclaw plugins install @openclawline/clawline-setup` → Review npm package source code before installation	`SKILL.md:50`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`UNKNOWN`	✓ Aligned	SKILL.md claims config file writes but no code to verify
Shell	`NONE`	`UNKNOWN`	✓ Aligned	SKILL.md mentions 'openclaw plugins install' command but no implementation
Network	`NONE`	`UNKNOWN`	✓ Aligned	References external URLs but no explicit code
Environment	`NONE`	`NONE`	—	No environment access detected

2 findings

🔗

Medium External URL 外部 URL

https://openclawline.com

SKILL.md:52

🔗

Medium External URL 外部 URL

https://www.npmjs.com/package/@openclawline/clawline-setup

SKILL.md:53

File Tree

3 files · 2.0 KB · 61 lines

Markdown 1f · 53L Text 2f · 8L

├─ 📄 install.txt Text 4L · 159 B

├─ 📝 SKILL.md Markdown 53L · 1.7 KB

└─ 📄 triggers.txt Text 4L · 102 B

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`@openclawline/clawline-setup`	`unknown`	npm	No	No package.json in skill; dependency comes from referenced npm package

Security Positives

✓ No executable code files present to analyze, reducing immediate attack surface

✓ No environment variable access detected

✓ No sensitive file access patterns observed

✓ No obfuscated code, base64 payloads, or suspicious execution patterns

✓ External URLs are legitimate service references (GitHub, npm, app website)

Scan Report

Findings 2 items

File Tree

Dependencies 1 items

Security Positives