Scan Report
0 /100
clawtrix-skill-advisor
Collective peer intelligence skill auditor and recommender
Clawtrix Skill Advisor is a pure documentation-based recommendation skill that reads local context files and queries public APIs for skill discovery. All declared capabilities align with the actual behavior - read-only operations with no exfiltration, credential access, or malicious patterns.
Safe to install
No action required. This skill is safe to use as designed.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Reads SOUL.md, MEMORY.md, AGENTS.md for context (declared in SKILL.md) |
| Network | READ | READ | ✓ Aligned | Queries clawhub.ai/api/v1 for skill discovery (declared in SKILL.md) |
| Shell | READ | READ | ✓ Aligned | Runs openclaw skills list and wc -c for file stats (declared in SKILL.md) |
| Environment | NONE | NONE | — | Only checks optional CLAWBRAIN_API_URL env var; does not read credentials |
| Skill Invoke | NONE | NONE | — | No skill invocation observed |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser usage |
| Database | NONE | NONE | — | No database access |
File Tree
1 files · 13.0 KB · 249 lines Markdown 1f · 249L
└─
SKILL.md
Markdown
Security Positives
✓ Pure documentation-based skill (SKILL.md only) - no executable code to hide malicious behavior
✓ All network operations target declared public APIs (clawhub.ai)
✓ Explicitly states it never sends SOUL.md or agent configuration externally
✓ Never installs or removes anything - purely advisory role
✓ Owner approves every change before execution
✓ No credential harvesting or sensitive path access
✓ No obfuscation, base64, eval, or suspicious patterns
✓ No hidden functionality detected
✓ No supply chain dependencies with vulnerabilities