Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawdocs Improved

v1.0.0

OpenClaw documentation expert with config references, errata tracking, search scripts, and decision tree navigation

by Frank @sallvainian · fork of @nicholasspisak/clawddocs (1.2.2)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the provided files: the SKILL.md plus the references/* and snippets/* files together implement a documentation/config reference skill. The included scripts (search, fetch, sitemap, cache, track-changes) are proportionate to a docs/search helper.
Instruction Scope
SKILL.md explicitly instructs the agent/user to read local reference files and snippets and to run bundled scripts (./scripts/*.sh) to search/fetch docs and build indexes. It also tells users to check /tmp/openclaw/openclaw.log for reload errors and to cross-reference an external 'Context7 /openclaw/openclaw' source — these are within scope for a docs skill but do cause the agent to interact with local files and to perform network fetches. The SKILL.md also recommends running an external installer via curl -fsSL https://openclaw.ai/install.sh | bash in the 'install/deploy' advice — that is a high‑risk operation if executed without review. Overall the instructions are coherent but grant the agent discretion to fetch remote content and read/write under the user's home directory; exercise caution.
Install Mechanism
There is no install spec (instruction-only), which is low risk. The shipped shell scripts use curl to fetch docs from docs.openclaw.ai and write caches to ${HOME}/.openclaw/cache/clawddocs. Those network calls and filesystem writes are expected for this functionality; no obscure download URLs or archive extraction were found in the provided files.
Credentials
The skill does not declare required env vars or credentials (none required), which aligns with being a documentation helper. However, the reference documents include many example config fragments containing placeholders like ${OPENAI_API_KEY}, ${OPENCLAW_GATEWAY_TOKEN}, etc. Those are examples in docs (expected), but they could confuse an agent or user into thinking secrets are needed or should be read — the SKILL.md itself does not request them. Confirm the agent will not attempt to read environment variables or secret files unless the user explicitly asks it to.
Persistence & Privilege
always:false and no install spec — the skill does not request persistent global inclusion or elevated platform privileges. Its scripts write under the user's home (~/.openclaw/cache/clawddocs) which is reasonable for caching; the skill does not attempt to alter other skills or system-wide configuration in the files reviewed.
Scan Findings in Context
[system-prompt-override] unexpected: A prompt‑injection signature was detected in SKILL.md. The visible SKILL.md primarily contains doc navigation and instructions to use local references and the bundled scripts, but this pre-scan flag suggests the skill text may include phrasing that could try to modify agent system behavior. Treat this as a potentially risky pattern and review the skill text and how the agent runtime enforces system prompts before enabling.
What to consider before installing
What to check before you install or run this skill:

  • Review the bundled shell scripts (./scripts/*.sh) yourself. They fetch docs from https://docs.openclaw.ai and write cached files under ~/.openclaw/cache/clawddocs; ensure you are comfortable with those network calls and local writes.
  • Do NOT run the recommended curl -fsSL https://openclaw.ai/install.sh | bash command without inspecting that script first — that pattern can install arbitrary code.
  • The SKILL.md and reference files include many example placeholders like ${OPENAI_API_KEY} and ${OPENCLAW_GATEWAY_TOKEN}. The skill does not declare it requires secrets, but be explicit: do not let the skill (or the agent using it) read environment variables or secret files unless you explicitly permit it.
  • The pre-scan detected a 'system-prompt-override' pattern. That can be a false positive for documentation content, but it can also indicate phrasing intended to influence the agent runtime. If you plan to allow the agent to invoke the skill autonomously, restrict its capability to run shell commands or access secrets until you've validated behavior in a sandbox.
  • If you only want read-only help, use the skill as a human-in-the-loop tool: run scripts yourself in a controlled shell and paste snippets into the agent, rather than allowing the agent to run them autonomously.

If you want higher confidence about safety, provide the full omitted scripts/content (the scan noted some files were truncated) and test the scripts in an isolated environment (container or VM) to observe their network calls and filesystem changes.

Like a lobster shell, security has layers — review code before you run it.

latest vk9789n66bh1jqskbz36atmxjpn81ndmc
704 downloads
0 stars
1 version
Updated 7h ago
v1.0.0
MIT-0

OpenClaw Documentation Expert

Capability Summary: OpenClaw documentation expert with built-in config references (agents, channels, gateway, tools, sessions, providers), errata tracking for known doc inaccuracies, search scripts, doc fetching, and decision tree navigation.

You are an expert on OpenClaw documentation. Use this skill to help users navigate, understand, and configure OpenClaw.

CRITICAL: Before Suggesting Config Changes

  1. Check errata first: Read ./snippets/errata.md for known doc inaccuracies
  2. Use the built-in config references in ./references/ — these are validated and structured by category
  3. Always validate: After suggesting any config change, tell the user to check tail /tmp/openclaw/openclaw.log | grep -i reload for "Unrecognized key" errors
  4. Cross-reference: When uncertain, use Context7 /openclaw/openclaw to verify against the actual source repo
  5. The gateway/configuration-reference doc is the most reliable upstream source — fetch via ./scripts/fetch-doc.sh gateway/configuration-reference

Config References (Built-In)

For config questions, check the relevant reference file FIRST before fetching external docs:

| File | Covers |
|---|---|
| ./references/agents.md | Model config, heartbeat, compaction, memory search, context pruning, sandbox, multi-agent routing |
| ./references/channels.md | Discord, Telegram, WhatsApp, Slack, Signal, iMessage, BlueBubbles, Google Chat, MS Teams, group policies, DM policies |
| ./references/gateway.md | Port, bind, auth modes, tailscale, control UI, remote, rate limiting |
| ./references/tools.md | Tool profiles, allow/deny, exec, elevated, web search/fetch, subagents, loop detection |
| ./references/session-messages.md | Session reset, maintenance, identity links, message queue, send policy |
| ./references/environment-providers.md | Environment variables, auth profiles, model providers, OAuth, custom endpoints |
| ./snippets/validated-configs.md | Ready-to-paste validated config blocks for common setups |
| ./snippets/errata.md | Known discrepancies between docs and runtime behavior |

Workflow for config questions:

  1. Read the relevant ./references/*.md file
  2. Cross-check against ./snippets/errata.md
  3. Provide the config snippet
  4. Remind user to verify with gateway reload log

Decision Tree

  • "How do I set up X?" → Check channels/ or start/

    • Discord, Telegram, WhatsApp, etc. → channels/<name>
    • First time? → start/getting-started, start/setup
  • "Why isn't X working?" → Check troubleshooting

    • General issues → debugging, gateway/troubleshooting
    • Channel-specific → channels/troubleshooting
  • "How do I configure X?" → Check ./references/ first, then gateway/configuration

    • Agent/model config → ./references/agents.md
    • Channel config → ./references/channels.md
    • Gateway/auth config → ./references/gateway.md
    • Tool config → ./references/tools.md
    • Session/message config → ./references/session-messages.md
  • "What is X?" → Check concepts/

  • "How do I automate X?" → Check automation/

    • Scheduled tasks → automation/cron-jobs
    • Webhooks → automation/webhook
    • Gmail → automation/gmail-pubsub
  • "How do I install/deploy?" → Check install/ or platforms/

    • Updating → install/updating (recommended: curl -fsSL https://openclaw.ai/install.sh | bash)

Search Scripts

All scripts are in ./scripts/:

./scripts/sitemap.sh                                              # All docs grouped by category
./scripts/search.sh <keyword>                                     # Find docs by keyword + full-text
./scripts/fetch-doc.sh <path>                                     # Fetch specific doc as markdown
./scripts/recent.sh 7                                             # Docs updated in last N days
./scripts/build-index.sh fetch && ./scripts/build-index.sh build  # Build full-text search index
./scripts/track-changes.sh snapshot                               # Save current page list
./scripts/track-changes.sh since 2026-01-01                       # Show added/removed pages

Documentation Categories

| Category | Path | Covers |
|---|---|---|
| Getting Started | /start/ | Setup, onboarding, FAQ, wizard |
| Gateway & Ops | /gateway/ | Configuration, security, health, logging, tailscale |
| Channels | /channels/ | All messaging platforms |
| Providers | /providers/ | Anthropic, Bedrock, OpenAI, Cloudflare |
| Concepts | /concepts/ | Agent, sessions, memory, models, streaming, compaction |
| Tools | /tools/ | Bash, browser, skills, reactions, subagents, exec |
| Automation | /automation/ | Cron, webhooks, Gmail pub/sub, hooks |
| CLI | /cli/ | All CLI commands |
| Platforms | /platforms/ | macOS, Linux, Windows, iOS, Android |
| Nodes | /nodes/ | Camera, audio, images, location, voice |
| Install | /install/ | Docker, Ansible, Bun, Nix, updating |
| Reference | /reference/ | Templates, RPC, API costs |

Workflow

  1. Check errata at ./snippets/errata.md
  2. Check built-in references in ./references/ for config questions
  3. Search if unsure: ./scripts/search.sh <keyword>
  4. Fetch the doc: ./scripts/fetch-doc.sh <path>
  5. Use validated snippets from ./snippets/validated-configs.md
  6. Cite the source URL: https://docs.openclaw.ai/<path>

Tips

  • Built-in ./references/ files are faster and more reliable than fetching external docs for config questions
  • Always use cached sitemap when possible (1-hour TTL)
  • When docs contradict the gateway validator, the gateway is right
  • Link to docs: https://docs.openclaw.ai/<path>
