Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Boot Installer

v1.0.0

Install, update, repair, or health-check the openclaw environment. Use when the user says install openclaw, run the bootstrapper, update packages, fix a brok...

by Al Amin @alaminedits
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the included behavior: boot.sh installs Node/Python packages, systemd units, symlinks, and performs repair/checks. Requiring bash/curl and (optionally) sudo is expected. Minor inconsistency: SKILL.md metadata lists a runtime download of boot.sh from raw.githubusercontent.com while the package already includes boot.sh.
! Instruction Scope
The runtime instructions tell the agent to execute the full boot.sh with sudo escalation. The script reads/writes system locations (e.g., /etc/sudoers.d, /usr/local/bin, ~/.config/systemd/user) and can modify ~/.bashrc, create systemd units and autostart hooks, and kill package manager processes. These actions go beyond simple package installation and can alter system auth and persistence. The script also logs to /tmp and prints failures — no direct secret exfiltration is visible, but the authority granted is broad.
Install Mechanism
No packaged installer is required (instruction-only), but SKILL.md metadata suggests downloading boot.sh from raw.githubusercontent.com (a standard GitHub host). Downloading runtime scripts from raw GitHub is common for bootstrappers but still carries risk: code fetched at runtime can change between publish-time and install-time. The repo's boot.sh is also included in the skill bundle, making the download step redundant and inconsistent.
! Credentials
The skill declares no env vars, which matches its instructions. However, the script grants broad system privileges: it creates a sudoers file granting NOPASSWD: ALL for the real user (lines that write to /etc/sudoers.d/openclaw-<user>), which is a permanent, overly-broad escalation of privileges not strictly necessary for many installers and increases attack surface considerably.
! Persistence & Privilege
boot.sh writes persistent system-level artefacts: /etc/sudoers.d entries, systemd user service units, /usr/local/bin symlinks, and may modify ~/.bashrc. Although always:false and user-invocable, these changes create long-lived privileges and autostart behavior. The NOPASSWD sudoers entry in particular grants persistent, unrestricted privilege escalation for the user.
What to consider before installing
This skill behaves like a full system bootstrapper and must be treated as such. Before installing:
(1) review the full boot.sh contents line-by-line (it is included in the package) to verify every action;
(2) be especially cautious about the code that writes /etc/sudoers.d/openclaw-<user> with NOPASSWD: ALL — that gives the user passwordless root access and is a major security risk;
(3) note the metadata also instructs downloading boot.sh from raw.githubusercontent.com at runtime — prefer using the included copy or verify the remote script's integrity;
(4) run the installer first in an isolated VM or disposable environment to observe behavior;
(5) if you need the software but not passwordless sudo, edit the script to remove automatic sudoers modifications and require interactive sudo; and
(6) ensure backups and a rollback plan (or snapshot) before allowing the installer to modify /etc, /usr/local/bin, or systemd units.


latestvk97ejdm8yzr2gedf31g0cvsmvs840589


Runtime requirements

🦞 Clawdis
OS: Linux
Bins: bash, curl
Any bin: sudo
