openclaw-relation
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a documentation-only OpenClaw reference; it is coherent, but some documented setup steps can install software, create a daemon, connect accounts, run automations, and store memory if a user chooses to run them.
Use this skill as reference documentation. Before following its setup commands, verify the OpenClaw npm package, run install and daemon commands manually, connect only intended chat accounts and devices, enable whitelists such as allowFrom, and review hooks, webhooks, remote access, and memory settings for sensitive data exposure.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running this command can change the user's global Node/npm environment and install whatever version is current at that time.
The documentation recommends installing the latest global npm package, which is purpose-aligned for setup but relies on external package provenance and an unpinned version.
npm install -g openclaw@latest
Verify the OpenClaw package source before installing, consider pinning a known version, and run the command manually rather than letting an agent execute it automatically.
OpenClaw may continue running in the background after setup if the user installs the daemon.
The quick-start flow includes installing a daemon, which creates background persistence. This is disclosed and aligned with a gateway service, but it is a persistent runtime behavior.
openclaw onboard --install-daemon
Install the daemon only if persistent gateway operation is desired, and understand how to stop, disable, or uninstall it.
Connected messaging accounts, groups, and workspaces may become accessible through the OpenClaw gateway according to the user's configuration.
The docs instruct users to log in to chat channels, which necessarily delegates access to messaging accounts or workspaces. This is expected for a multi-channel gateway.
openclaw channels login
Use least-privilege or dedicated accounts where possible, configure allowlists such as allowFrom, and revoke credentials for channels that are no longer needed.
If enabled, external events or configured hooks could cause scripts to run in the user's OpenClaw environment.
The docs describe webhooks and hooks that can trigger scripts. This is a documented automation feature, but script-triggering features can be sensitive if configured broadly.
Webhooks: triggered by receiving external events. Hooks: execute scripts when specific events occur.
Only enable trusted hooks and webhooks, review any scripts before use, and require explicit approval for automations that mutate files, accounts, or systems.
Personal preferences, decisions, and contextual details may persist across sessions if the user uses OpenClaw memory features.
The documentation describes long-term memory storing decisions, preferences, and context. Persistent memory is purpose-aligned but can retain sensitive information.
MEMORY.md: long-term memory that stores important decisions, preferences, and context.
Review memory files periodically, avoid storing secrets or highly sensitive data, and define retention or cleanup practices.
Messages, media, and commands may flow between connected chat platforms, agents, devices, and interfaces depending on configuration.
The core architecture routes data between chat apps, plugins, the gateway, agents, CLI, web UI, and devices. This is the product's stated purpose but creates cross-system data boundaries.
Chat apps + plugins → Gateway → agents/CLI/Web UI/macOS/iOS/Android
Use channel whitelists, restrict remote access, trust only known plugins, and review which agents and devices are connected.
