Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-doc

v1.0.0

OpenClaw 平台完整使用指南。涵盖 Gateway 配置、频道设置（Telegram/Discord/WhatsApp/微信等）、定时任务、会话管理、安全策略、沙盒配置、模型管理、Agent 管理、设备配对、心跳机制、CLI 命令等。当需要：(1) 配置或排查 OpenClaw (2) 添加频道/定时任务/...

⭐ 0· 41·0 current·0 all-time

byamazcuter(神奇可人）@amazcuter

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

Capability signals

CryptoRequires walletCan make purchasesRequires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Pending

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The skill claims to be an OpenClaw usage guide and contains a large archive of Markdown docs and examples. It declares no binaries, env vars, or install steps — which is consistent for an instruction-only documentation skill.

ℹ

Instruction Scope

The SKILL.md and included files are documentation and examples (CLI invocations, config snippets, local file paths). This stays within the stated purpose. However, the documentation contains example commands that reference local paths (e.g. /mnt/nas/openclaw-docs), gateway tokens, and env var names; those are examples for operators and could lead a user to run shell commands or paste secrets if followed blindly. The static scanner also flagged a 'system-prompt-override' pattern in the SKILL.md — the docs include mention of system prompts and directives in places (e.g., system prompt / tool behavior descriptions). The presence of that pattern in docs is worth caution but is not evidence the skill will perform prompt override actions itself.

✓

Install Mechanism

No install spec, no code files to execute, and no downloads. Instruction-only skills are lowest risk for install-time code execution.

ℹ

Credentials

The skill requires no environment variables or credentials. The documentation does, however, document many env var names (OPENCLAW_GATEWAY_TOKEN, OPENAI_API_KEY, ELEVENLABS_API_KEY, etc.) as examples required by the OpenClaw product; these are explanatory only and not requested by the skill itself.

✓

Persistence & Privilege

always:false and no install/persistence. The skill is user-invocable and allows model invocation (default), which is expected for skills; that alone is not a problem here.

Scan Findings in Context

[system-prompt-override] unexpected: The regex scanner detected patterns associated with prompt-injection/system-prompt overrides inside SKILL.md. In this case the repository is documentation that discusses system prompts and model directives; the detection is a signal to review those sections carefully before allowing any automated agent to act on them. It does not by itself indicate malicious behavior given this is a docs bundle.

Assessment

This skill is a large offline copy of OpenClaw documentation and appears coherent for that purpose — it does not request secrets, install code, or require special privileges. Before installing or allowing autonomous use, review the SKILL.md and README for any examples that ask you to run shell commands or paste tokens. The scanner flagged a prompt-injection pattern: check any sections that mention 'system prompt' or model directives so you don't accidentally allow the agent to change system prompts or paste credentials. If you plan to let the agent invoke this skill autonomously, consider restricting autonomous invocation or reviewing the docs in a sandbox first, and never paste real API keys or gateway tokens into chat windows or into examples provided by the skill.

references/channels/googlechat.md:185