openclaw-connect子节点专用skill

A trusted Hub operator, or anyone who compromises the Hub or node credentials, may be able to make the local agent perform actions on the user's machine or accounts.

The skill explicitly turns the local OpenClaw instance into a worker that automatically receives and executes Hub-sent tasks through powerful local execution paths.

Installation may execute or deploy code that was not part of this reviewed package, with system-level privileges.

The installer is root-level and can pull the current contents of an unpinned branch from an external Git repository, which may differ from the reviewed artifact.

Private agent identity, prompt/profile content, channel type, and installed skill names may be disclosed to the configured Hub.

The node reads local OpenClaw profile/context data and sends it to the Hub during agent registration.

If used across an untrusted network, node credentials, task metadata, or control traffic could be exposed or tampered with.

The documented Hub control channel uses HTTP/WebSocket examples for credentials, heartbeats, and task polling, with no TLS requirement described.

The remote worker may continue running and accepting Hub-directed work after setup unless the user explicitly disables or uninstalls it.

The node is intended to run as a persistent daemon and keep reconnecting rather than stopping after a single user-requested task.

Anyone who can read that local file may be able to reuse node credentials or impersonate the node to the Hub.

Hub app credentials and the session token are persisted locally so the node can reconnect after restarts.