OpenClaw Mastery
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: afrexai-openclaw-mastery
Version: 1.0.0
The skill bundle provides comprehensive instructions for an AI agent to engineer and operate itself within the OpenClaw platform. While it includes powerful capabilities such as executing shell commands (e.g., `npm`, `openclaw`, `clawhub`, `op read`), configuring cron jobs, and managing API keys, these are consistently presented within the context of legitimate system administration and agent self-management. The `SKILL.md` explicitly includes a 'Security & Secrets Management' section with 'Never Do This' warnings and recommended secure practices (e.g., 1Password CLI, git-ignored env files), demonstrating an intent for secure operation rather than malicious activity. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution of remote payloads, or instructions for the agent to act against the user's interest or hide its actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing a global CLI gives that package local execution capability on the user's machine.
The guide tells the user to install the OpenClaw CLI globally from npm. This is central to the skill's OpenClaw setup purpose, but users should still verify package provenance and version.
npm install -g openclaw
Install only from the trusted OpenClaw package source, review the package/version, and avoid running setup on sensitive systems without understanding the CLI.
Misconfigured or overexposed API keys could allow unwanted model/search usage or charges.
The guide instructs users to configure API keys for model and search providers. This is expected for an OpenClaw agent deployment guide, but it involves delegated account access.
ANTHROPIC_API_KEY=sk-ant-...; OPENAI_API_KEY=sk-...; BRAVE_API_KEY=...
Use least-privilege keys where possible, store them in environment variables or a secret manager, monitor usage, and rotate or revoke keys if exposed.
Private context or mistaken instructions may be reused by future agent sessions.
The skill intentionally designs persistent files such as USER.md, MEMORY.md, HEARTBEAT.md, and daily logs for reuse across sessions. This is purpose-aligned, but persistent memory can retain sensitive data or stale instructions.
Your workspace (`~/.openclaw/workspace/`) IS the agent's persistent memory and personality.
Keep sensitive data out of memory files unless needed, review persistent memory regularly, and define clear rules for what the agent may store.
Automations may send messages, perform monitoring, or trigger workflows on a schedule if the user configures them.
The skill advertises scheduled/proactive automation patterns. This matches the autonomous-agent operations purpose, but scheduled tasks can keep acting after setup if not bounded.
Cron & Automation — Copy-paste cron job templates for morning briefings, monitoring, marketing
Require explicit approval for external or high-impact actions, document stop/disable procedures, and review cron jobs before enabling them.
Messages or agent outputs could reach the wrong channel or audience if bindings are misconfigured.
The guide covers routing agents through multiple external messaging channels. This is expected for OpenClaw operations, but channel boundaries and message routing should be configured carefully.
channels: telegram: botToken: "..."; # discord, slack, signal, whatsapp, imessage, webchat
Use separate bot tokens where appropriate, verify channel-to-agent bindings, and test in private channels before production use.
