Bengii Gemini Fix
Review
Audited by ClawScan on May 10, 2026.
Overview
This is mostly a coherent OpenClaw operations guide, but it documents powerful agent, browser, credential, and persistence controls that need careful review before use.
Use this only if you intend to administer an OpenClaw installation. Before installing, verify the source despite the registry name mismatch, avoid auto-approval modes, keep browser and gateway endpoints private, prefer token files or secret references, and review any persistent ACP sessions, cron jobs, webhooks, or memories the agent creates.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured this way, external agent sessions could take actions without per-action approval.
The skill documents persistent external agent runtimes and an approval mode that automatically accepts all permission prompts, which can remove important safety gates.
ACP agents allow OpenClaw to spawn and manage external AI agent runtimes ... as persistent or one-shot sessions ... `approve-all` | Auto-approve all permission prompts
Avoid `approve-all` except in tightly controlled environments; prefer `approve-reads` with `nonInteractivePermissions=fail`, restrict allowed agents and working directories, and require explicit confirmation before spawning persistent sessions.
The agent could run JavaScript in a controlled browser profile, which may interact with pages where you are logged in.
Browser JavaScript execution is an expected OpenClaw browser feature, but it is powerful and can affect logged-in web sessions.
`browser act kind=evaluate` / `openclaw browser evaluate` and `wait --fn` execute arbitrary JavaScript. Disable with `browser.evaluateEnabled=false`.
Use an isolated OpenClaw browser profile, disable browser evaluation unless needed, and approve browser actions involving authenticated sites.
Installing and using the skill for browser-related OpenClaw tasks may let the agent operate in sessions tied to your accounts.
The browser automation guidance explicitly acknowledges that the managed profile can hold authenticated sessions.
The `openclaw` browser profile may contain logged-in sessions; treat as sensitive.
Keep browser profiles separate from personal browsing, avoid using sensitive accounts unless necessary, and protect Gateway/browser control endpoints with strong auth and loopback or VPN-only access.
A local user or diagnostic log could expose the gateway token if it is supplied directly on the command line.
The documented command passes a gateway token through command-line arguments, which can leak via shell history or process listings.
`openclaw gateway install --port <port> --runtime <node|bun> --token <token> --force`
Prefer token files, environment variables, or OpenClaw secret references instead of putting tokens directly in argv.
OpenClaw jobs or webhook triggers may cause the agent to act later, outside the immediate conversation.
The skill documents scheduled and externally triggered agent runs that can persist and inherit existing tool permissions.
Cron runs inside the Gateway ... Jobs persist under `~/.openclaw/cron/jobs.json` ... Webhooks inherit the agent's tool permissions
List and review cron jobs regularly, restrict webhook exposure, require authentication, and delete jobs that are no longer needed.
Incorrect or sensitive information stored as memory could be reused in future OpenClaw sessions.
The artifacts document durable memory behavior; persistent memories can influence later agent behavior if inaccurate or over-trusted.
`systemPrompt: "Session nearing compaction. Store durable memories now."`
Review what OpenClaw stores as memory, avoid saving secrets, and provide a way to inspect, correct, or delete durable memories.
You may install or update external software as part of following the guide.
The skill documents installing the latest OpenClaw package and plugins from external registries, which is expected for setup but has normal supply-chain risk.
Runs `npm install -g openclaw@latest` ... `openclaw plugins install @openclaw/acpx`
Install only from trusted sources, verify package names and publishers, and consider pinning versions for production systems.
A user could be confused about what they are installing or who maintains it.
The registry-facing name and provenance do not clearly match the OpenClaw skill identity shown in the included SKILL.md and README.
Name: Bengii Gemini Fix ... Source: unknown ... Homepage: none
Verify that this is the intended OpenClaw skill and confirm the publisher/source before using it for gateway administration.
