Security gate for OpenClaw AgentSkills. Scans folder/ClawHub skills with cisco-ai-defense/skill-scanner before installation. Supports manual scans, staged in...
Security Analysis
medium confidence
The skill is a coherent wrapper around a third‑party 'skill-scanner' tool to scan and quarantine OpenClaw skills; it behaves as described but executes third‑party tooling (npx/uv/clawhub) and will move user skill directories when it finds High/Critical issues, so trust in the scanner and downloaded packages is required.
The name/description match the actual behavior: scripts clone/run a skill-scanner, scan user/builtin skills, and quarantine High/Critical findings. The declared runtime tooling in SKILL.md (uv, npx, git, systemctl) aligns with what the scripts call. One minor inconsistency: the registry metadata lists no required env vars, while SKILL.md references OPENCLAW_STATE_DIR and OPENCLAW_WORKSPACE_DIR (the scripts use these with sane defaults).
The scripts stay within the stated scope (scan directories, write reports, move failing skill dirs into a quarantine path). They do not read or transmit secrets or access unrelated system config. Important: they run third‑party tooling (uv run skill-scanner, npx clawhub) which executes code from the scanner repo / npm packages — this is expected for a scanner but increases the trust surface. The quarantine logic is careful to only move directories under the user's skills dir.
No formal install spec (instruction-only) — scripts instruct cloning the scanner repo from GitHub and using 'uv' and 'npx'. That means remote code (GitHub repo and npm packages) will be fetched and executed by the user. The scripts themselves do not download arbitrary binaries or use obscure URLs; they rely on widely used hosts (github.com, npm via npx).
The skill does not request credentials or secrets and only needs workspace/state paths (OPENCLAW_STATE_DIR, OPENCLAW_WORKSPACE_DIR). Those are proportional to its purpose. The registry metadata not listing them is a minor metadata omission but not a dangerous behavior. No unrelated environment variables or config paths are accessed.
always:false and normal autonomous invocation settings. The skill does not attempt to modify other skills' configuration or system-wide settings beyond recommending/using systemd --user units; the systemd unit templates are optional and run as the user. The quarantine move is limited to ~/.openclaw/skills/* and is performed only on High/Critical findings.
Guidance
This skill does what it says: it runs a scanner and can auto‑quarantine skills with High/Critical findings. Before enabling it, consider:
1) it executes third‑party code (the scanner from the GitHub repo and npm packages via npx/uv), so you must trust those upstream projects;
2) it will move (quarantine) user skill directories when High/Critical findings occur — back up your ~/.openclaw/skills if you want a safety copy;
3) it expects 'uv' and 'npx' (and optionally systemd --user) to be available — install and test those first;
4) review the scanner's code/behavior (cisco-ai-defense/skill-scanner and any npm packages used) if you need a higher assurance level.
If you are uncomfortable with automated moves, run the scripts manually in a staging environment first.
Latest Release
v1.0.2
Added env declarations and confirmed references directory inclusion.
Published by @jason-allen-oneal on ClawHub