ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Workspace Governance Installer

v0.2.9

Install OpenClaw WORKSPACE_GOVERNANCE in minutes. Get guided setup, upgrade checks, migration, and audit for long-running workspaces.

2· 1.1k·3 current·3 all-time
by@adamchanadam
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and runtime instructions all describe installing and running an OpenClaw workspace-governance plugin. The only required binary is 'openclaw', which is proportionate to the stated installer purpose.
Instruction Scope
SKILL.md instructs the user to run 'openclaw plugins install ...' and 'openclaw gateway restart' and describes commands the plugin provides (gov_*). It also mentions editing 'openclaw.json' via the plugin's safe-edit command. These are within the governance scope, but they imply the plugin will read/modify OpenClaw platform config — users should review the plugin's behavior before granting it those abilities.
Install Mechanism
The skill is instruction-only (no install spec), and installs the plugin via 'openclaw plugins install @adamchanadam/openclaw-workspace-governance@latest'. That is expected for an installer, but it causes OpenClaw to fetch and install third-party code; verify the plugin source and releases before installing.
Credentials
No environment variables, credentials, or config paths are requested by the skill itself. This is proportionate to an instruction-only installer that delegates actual configuration to the OpenClaw plugin.
Persistence & Privilege
The skill itself is not 'always' and does not request elevated platform settings. However, the installer instructs installing a plugin that will persist inside the OpenClaw instance and may receive privileges there — users should vet the plugin's requested permissions and intended modifications before installing.
Assessment
This skill is coherent: it only tells you how to install a governance plugin using your openclaw CLI. The main risk is the plugin you install, not the skill text. Before installing: 1) review the plugin repository and recent releases (https://github.com/Adamchanadam/OpenClaw-WORKSPACE-GOVERNANCE), 2) inspect the plugin manifest and source code or ask the author for signed releases, 3) test installation in a staging workspace and back up openclaw.json, 4) confirm the plugin's required permissions and that you trust the maintainer, and 5) avoid running install commands on production without an audit. If you cannot audit the plugin, consider treating it as untrusted code.

Like a lobster shell, security has layers — review code before you run it.

latestvk97djj1fapsdmvah4r1e38bgzd83awdd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis
Binsopenclaw

Comments