FACEPALM
Security checks across static analysis, malware telemetry, and agentic risk
Overview
FACEPALM is a coherent troubleshooting tool, but it can automatically send recent OpenClaw logs and chat transcripts to an external model without clear redaction or per-run approval.
Install only if you are comfortable with recent OpenClaw logs and chat history being sent to an external model for troubleshooting. Prefer manual invocation, review/redact sensitive data first, and verify the OpenClaw/OpenRouter credentials and provider policies before enabling automated integrations.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
60/60 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Recent chats and logs could include private messages, file paths, errors, tokens, or other sensitive troubleshooting data, and could be sent to the model provider when automation triggers the tool.
This documents an automatic path where recent local logs and chat transcripts are packaged for an external model/provider flow. The artifacts do not describe redaction, per-run confirmation, or provider data-handling limits.
When invoked (automatically by Agent Swarm or manually), FACEPALM: ... Reads `gateway.log` ... Extracts chat history ... Uses Codex 5.3 (`openrouter/openai/gpt-5.3-codex`) via OpenClaw CLI
Require explicit confirmation before external model calls, redact secrets from logs and chat, document provider retention/usage, and keep the time window tightly bounded.
A malicious or accidental instruction inside recent chat/log content could lead to incorrect troubleshooting advice.
Raw transcript content is inserted into the prompt sent to the troubleshooting model. If prior chat or log text contains misleading instructions, the model’s diagnosis could be influenced.
content = msg.get("content", msg.get("text", "")) ... context_parts.append(f"[{role}]: {content}") ... context_parts.append("Analyze the console logs and chat history above.")
Treat logs and chat as untrusted evidence in the prompt, clearly delimit them, and instruct the model not to follow embedded instructions from those sources.
Running the skill can consume the user’s configured OpenClaw/OpenRouter environment and may trigger model usage or billing.
The script launches the OpenClaw CLI as a subprocess to invoke the model. This is central to the troubleshooting purpose and uses an argument list rather than shell=True, but users should know it spawns another agent/model call.
cmd = ["openclaw", "agent", "--message", prompt, "--model", model, "--deliver", "--timeout-ms", "120000"] ... subprocess.run(cmd, capture_output=True, text=True, timeout=130)
Run it only when troubleshooting is intended, ensure the `openclaw` binary on PATH is trusted, and consider restricting model overrides if used in automation.
The skill may use the user’s configured OpenRouter/OpenClaw account, including any associated permissions, quotas, or billing.
The skill depends on an existing provider credential and CLI account context, even though the registry metadata declares no primary credential. This appears purpose-aligned but should be visible to users.
- **OpenRouter API key** configured (for Codex 5.3 access)
- **`openclaw` CLI** on PATH (for invoking Codex via `openclaw agent`)
Declare the credential dependency in metadata and use the least-privileged provider/account configuration available.
