Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Config Master
v1.3.3 · Edit and validate OpenClaw Gateway config (openclaw.json / JSON5). Covers all config areas — gateway, agents, channels, models, auth, tools, commands, sessio...
⭐ 0 · 163 · 1 current · 1 all-time
by sniper-one@aqbjqtd
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match what the files implement: schema-first editing, validation, backup/restore and migration helpers for OpenClaw config. However, the skill metadata declares no required binaries, env vars, or config paths, while the SKILL.md and included scripts clearly expect the openclaw/gateway CLI and access to local config files (e.g., ~/.openclaw/openclaw.json) and runtime logs. That mismatch (omitted prerequisites) is an incoherence to be aware of.
Instruction Scope
SKILL.md instructs the agent to run CLI commands (gateway config.patch, openclaw validate/doctor, openclaw gateway restart), to read system logs (tail /tmp/openclaw/openclaw-*.log) and to edit config files directly for protected paths. Those actions are within the stated goal (config management) but are high-privilege operations: they read/write sensitive configuration and secrets and can restart services. The instructions do not always require explicit human confirmation (some flows auto-apply/restart), which increases risk.
Install Mechanism
No install spec (instruction-only + helper scripts). No remote downloads or package installs are declared. This is lower risk than arbitrary install steps, but the included shell scripts will be written to disk when the skill is installed and could be executed by an agent.
Credentials
The skill does not declare any required environment variables in registry metadata, yet the docs and examples routinely reference env-based API keys, .env files (~/.openclaw/.env), and file-backed secrets for channels/providers. Requesting API keys for channel/model providers is expected by purpose, but the metadata omission (no declared env/config paths) means you cannot rely on the registry info to understand what secrets the skill will touch.
Persistence & Privilege
always: false (good) and autonomous invocation is allowed (default). Because the skill contains scripts that back up, validate, restore, and can direct agents to run commands that write config and restart the Gateway, autonomous invocation increases blast radius. This is not inherently malicious for a config-management skill, but combined with the metadata omissions and auto-apply semantics it warrants caution (prefer user confirmation and test environment).
What to consider before installing
Plain-language checklist for installing/evaluating this skill:
- What it actually does: it helps edit/validate OpenClaw config, offers schema lookup, can run openclaw/gateway CLI commands, create backups, restore and restart the Gateway. That's consistent with the name.
- Metadata mismatch: the registry lists no required binaries or config paths, but the skill clearly expects the openclaw/gateway CLI and access to your OpenClaw config (~/.openclaw/openclaw.json) and logs. Treat those as required even if not declared.
- Review scripts before use: the package includes shell scripts (backup/validate/restore). Inspect their contents for any destructive or network behavior before executing them.
- Protect secrets: the docs show examples referencing API keys and AppSecrets. Do not paste secrets into configs without using secure secret providers; prefer env/file-backed secret providers and check who can read those files.
- Prefer manual confirmation and a test environment: avoid allowing autonomous invocation to apply changes automatically in production. If possible run this skill in a sandbox/test instance first and make a full config backup before any change.
- Limit scope: restrict the skill's ability to run commands or restart services except when you explicitly approve a change. Ensure 'config.patch' flows require interactive consent.
If you want, I can (1) list the shell scripts' contents and point out risky commands, or (2) produce a short procedure to safely validate and run this skill in a test environment.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97cpksr8deh7a7nv2et6rnvnx8460e7
