ClawHub

OpenClaw Production Setup Guide

v1.3.0

Step-by-step 6-part guide to set up OpenClaw AI assistant on VPS with WhatsApp, Google OAuth, backups, security, automation, and verification.

0· 413·0 current·0 all-time
byAli Aziz@aliahmadaziz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is an instruction-only production setup guide. The name/description align with the SKILL.md content (VPS, WhatsApp, Google OAuth, backups, hardening). It does not request unrelated binaries or environment variables.
Instruction Scope
SKILL.md instructs the agent to direct users to the external guide and provides an overview and security notice. The skill itself does not instruct the agent to read local files or access credentials, but the guide explicitly walks users through creating/storing many sensitive credentials (OAuth tokens, API keys, SSH keys, rclone crypt keys). That is expected for a production setup guide but raises operational risk when followed.
Install Mechanism
Instruction-only skill with no install spec and no code artifacts — nothing will be written or executed by installing the skill itself.
Credentials
The skill declares no required environment variables or credentials. However, the guide describes generating and storing multiple sensitive credentials (Anthropic API key, Google OAuth tokens, Cloudflare tunnel token, rclone crypt keys, SSH keys). These are reasonable for the described purpose but users should ensure they create least-privilege credentials and do not paste secrets into chat or public places.
Persistence & Privilege
always is false and the skill is user-invocable. There is no request to modify other skills or system-wide agent configuration or to persist credentials on the agent side.
Assessment
This skill is essentially a pointer to an external, detailed production setup guide and is coherent with that purpose. Before using it: (1) Verify the URLs (github and hosted guide) are legitimate and served over HTTPS; (2) do not paste real secrets into chat—use placeholders when asking the agent for example commands; (3) when creating OAuth keys, API keys, Cloudflare tokens, and rclone crypt keys, apply least-privilege scopes and use ephemeral or limited credentials where possible; (4) keep keys off source control (chmod 600 as recommended) and store them in a secure secret manager; (5) consider testing the guide in a non-production/staging environment first; and (6) manually review any copy-pasteable scripts the guide links to before running them. The skill itself will not collect credentials, but the procedures it points to require careful handling of sensitive data.

Like a lobster shell, security has layers — review code before you run it.

beginnervk974jeam74yjn4p10rjdz0tx2181p5f1guidevk974jeam74yjn4p10rjdz0tx2181p5f1installationvk974jeam74yjn4p10rjdz0tx2181p5f1latestvk974jeam74yjn4p10rjdz0tx2181p5f1productionvk974jeam74yjn4p10rjdz0tx2181p5f1securityvk974jeam74yjn4p10rjdz0tx2181p5f1setupvk974jeam74yjn4p10rjdz0tx2181p5f1vpsvk974jeam74yjn4p10rjdz0tx2181p5f1whatsappvk974jeam74yjn4p10rjdz0tx2181p5f1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments