DocClaw is a documentation skill for OpenClaw that combines live docs search, direct markdown fetch, and offline local-doc fallback.
Security Analysis
High confidence: DocClaw's code, instructions, and requirements are internally consistent with a documentation retrieval skill — it does network fetches limited to docs.openclaw.ai and local doc discovery, and it does not request unrelated credentials or install arbitrary remote code.
Name/description match the provided artifacts: scripts implement live docs index refresh, markdown fetch, and local-doc discovery. No unrelated credentials, binaries, or config paths are requested.
SKILL.md instructs using the openclaw docs CLI and the shipped Python scripts. The runtime instructions limit network targets to docs.openclaw.ai, forbid passing full URLs to fetch, and explicitly treat fetched docs as untrusted. Instructions do not ask the agent to read unrelated system files or exfiltrate data.
No install spec is provided (instruction-only with bundled scripts). All code is included in the skill bundle; no external downloads or archive extraction are performed during install.
The skill declares no required environment variables, credentials, or config paths. The scripts read and write only within the skill directory and user home paths for local-doc discovery; no secrets or unrelated env vars are requested or accessed.
`always` is false and the skill is user-invocable. The skill does write cache and index files under its own references directory when run, which is expected for an indexing/fetching tool. It does not modify other skills or system-wide agent settings.
Guidance
DocClaw appears coherent and limited to fetching and indexing docs from docs.openclaw.ai and searching local doc directories. Before installing/running:
- Note that the scripts perform network requests to docs.openclaw.ai and will write index/cache files under the skill directory (references/). If you need isolation, run them in a sandbox or ephemeral environment.
- The code enforces a trusted-host guard and rejects off-domain URLs, but remote content is still treated as untrusted; follow the SKILL.md advice to verify behavior with `openclaw <cmd> --help` when accuracy matters.
- The included smoke_test spawns subprocesses and requires python3; do not run smoke_test as root (the script already checks this). Reviewing the referenced index JSON before fetching is a good precaution.
- There are no requested secrets or unusual privileges. If you require higher assurance, you can review the references/ directory and run the scripts manually in a controlled environment before enabling autonomous invocation.
Latest Release
v1.0.3
Security hardening: re-validate index-derived markdown_url host to docs.openclaw.ai before fetch; add malicious-index smoke test and root guard.
Published by @vibecodooor on ClawHub