Openclaw Expert
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Install this skill if you want an OpenClaw administration reference. Before letting an agent apply its advice, confirm changes to config, channels, cron jobs, Docker mounts, gateway tokens, and persistent memory files, and prefer pinned/official install sources for production systems. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed carelessly, configuration edits or restarts could disrupt the user’s agent or messaging setup.
The skill is meant to guide configuration changes and service restarts. This is purpose-aligned, but these are administrative actions that can affect a running OpenClaw deployment.
Vor jeder Änderung ... Backup anlegen ... Änderung durchführen ... systemctl --user restart openclaw-gateway
Use the skill for requested OpenClaw administration tasks, but confirm important changes, keep backups, and validate with OpenClaw’s doctor/config tools.
A user who copies these install commands relies on the remote source being trustworthy at execution time.
The documentation includes a remote script install pattern. This is common for setup guides, but it executes code fetched at install time.
curl -fsSL https://get.openclaw.ai | bash
Prefer official sources, review install scripts when possible, and pin versions for production deployments.
A local user or process could potentially see the gateway token while the command is running.
The command passes a gateway token through process arguments. The token is purpose-aligned for gateway health checks, but command-line arguments may be visible locally.
docker compose exec openclaw-gateway node dist/index.js health --token "$OPENCLAW_GATEWAY_TOKEN"
Avoid putting long-lived tokens directly in argv when safer alternatives exist; rotate tokens if they may have been exposed.
Information or instructions written into workspace memory may affect future agent behavior.
The skill documents persistent workspace instructions and memory that are reused across sessions. This is central to OpenClaw, but persistent context can carry stale, sensitive, or poisoned instructions.
AGENTS.md # Betriebsanweisungen (in JEDER Session geladen) ... MEMORY.md # Langzeit-Gedächtnis
Review persistent workspace files periodically and avoid storing secrets or untrusted instructions in long-term memory.
Cron jobs may spend tokens, send announcements, or take actions on a schedule if configured.
The documentation shows how to create scheduled OpenClaw jobs. This is an expected feature, but scheduled jobs persist and can run without the user actively prompting each time.
openclaw cron add --name "Tageszusammenfassung" --cron "0 7 * * *" --message "Fasse die wichtigsten Ereignisse zusammen" --announce
Only create scheduled jobs intentionally, review them regularly, and disable jobs that are no longer needed.
A connected node can add capabilities such as browser or system actions depending on how it is configured.
The examples describe connecting remote nodes to a gateway using a token. This is purpose-aligned for OpenClaw nodes, but it expands the agent’s reach to other devices.
openclaw node host --gateway wss://<vps>.your-tailnet.ts.net --token <gateway-token>
Approve only trusted nodes, protect gateway tokens, and restrict node capabilities to what is actually needed.