Install OpenClaw
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly does what it says, but its repair and install scripts make broad local changes: a recursive permission change that can expose saved credentials, and plugin dependency installs that execute package code without much scoping.
Install only if you are comfortable with global package installation, a fixed Claude relay endpoint, and persistent OpenClaw/Feishu credentials under ~/.openclaw. Before running fix-bugs.sh, review your plugins and consider editing out chmod -R 755 ~/.openclaw or replacing it with tighter permissions for secret config files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Saved API keys or app secrets may become easier for other local accounts or processes to read.
The repair script recursively sets the entire OpenClaw directory to mode 755. Other included scripts store API keys and Feishu secrets under ~/.openclaw/config, so this can make sensitive configuration files readable by other local users.
CONFIG_DIR=~/.openclaw/config ... chmod -R 755 ~/.openclaw
Do not run the repair script as-is on shared machines. Limit permission fixes to needed directories, keep secret files at 600 or 640, and avoid recursive chmod over the whole ~/.openclaw tree.
Running the repair script can execute code from any plugin already present in ~/.openclaw/plugins and may change plugin dependencies without clear per-plugin approval.
The bug-fix script runs pnpm install inside every plugin directory. Package installs can execute lifecycle scripts, and the scope is all installed plugins rather than a reviewed or user-selected plugin.
for plugin_dir in "$PLUGINS_DIR"/*/; do
...
cd "$plugin_dir" && pnpm install --silent
Review installed plugins before running this script. Prefer prompting before each plugin repair, pinning dependencies, and using safer options such as --ignore-scripts when lifecycle scripts are not required.
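The two fix-bugs.sh findings above (the recursive chmod and the unconditional per-plugin pnpm install) can be addressed together. The following is an added example written for this review, not the skill's own script; it assumes a ~/.openclaw-style layout with secrets under config/ and pnpm packages under plugins/<name>/, and the directory is passed in so it can be exercised on a throwaway tree.

```shell
#!/bin/sh
# Added example (not the skill's own fix-bugs.sh): a narrower repair routine
# for the two problems flagged above. Assumes a ~/.openclaw-style tree with
# config/ holding secrets and plugins/<name>/ holding pnpm packages.
set -eu

# Replace `chmod -R 755 ~/.openclaw` with explicit per-type modes:
# directories 700, ordinary files 644, secret files 600, scripts owner-exec.
fix_permissions() {
    base="$1"
    [ -d "$base" ] || { echo "no such directory: $base" >&2; return 1; }
    # Refuse to touch a tree containing files owned by someone else: a blanket
    # recursive chmod over such files is exactly the exposure the audit flagged.
    if [ "$(find "$base" ! -user "$(id -un)" | head -n 1)" ]; then
        echo "refusing: $base has files not owned by $(id -un)" >&2
        return 1
    fi
    find "$base" -type d -exec chmod 700 {} +
    find "$base" -type f -exec chmod 644 {} +
    # Everything under config/ (models.json with the API key, Feishu secrets)
    # plus obvious key material anywhere in the tree is owner-read-only.
    if [ -d "$base/config" ]; then
        find "$base/config" -type f -exec chmod 600 {} +
    fi
    find "$base" -type f \( -iname '*secret*' -o -iname '*key*' -o -name '*.pem' \) \
        -exec chmod 600 {} +
    # Keep the user's own helper scripts runnable, but only by the owner.
    find "$base" -type f -name '*.sh' -exec chmod u+x {} +
}

# Replace the unconditional `pnpm install` loop: ask per plugin, install from
# the lockfile only, and skip lifecycle scripts unless the user opts in.
repair_plugins() {
    plugins_dir="$1"
    for plugin_dir in "$plugins_dir"/*/; do
        [ -f "$plugin_dir/package.json" ] || continue
        printf 'Reinstall dependencies for %s? [y/N] ' "$plugin_dir"
        read -r answer
        case "$answer" in
            y|Y) (cd "$plugin_dir" && pnpm install --frozen-lockfile --ignore-scripts) ;;
            *)   echo "skipped $plugin_dir" ;;
        esac
    done
}

# Usage: fix_permissions "$HOME/.openclaw"; repair_plugins "$HOME/.openclaw/plugins"
```

The ownership check makes the routine refuse to run on a tree that mixes in files from other local accounts, which is the shared-machine case the first finding warns about.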
You must trust the configured relay service and the local machine where the key is stored.
The Claude configuration script asks for an API key, writes it into a local OpenClaw config file, and sends it to the fixed relay endpoint for a connection test. This is disclosed and purpose-aligned, but credential handling is not declared in the registry metadata.
API_URL="https://ai.jiexi6.cn"
...
read -s API_KEY
...
"apiKey": "${API_KEY}"
...
-H "Authorization: Bearer ${API_KEY}"
Only enter an API key intended for this relay, verify the endpoint, and check file permissions on ~/.openclaw/config/models.json after setup.
Future upstream changes could alter what code is installed.
The Feishu plugin is cloned from GitHub without a pinned commit or version and then installed. This is normal installer behavior, but it depends on the current state of the remote repository and its dependencies.
git clone https://github.com/openclaw/feishu-plugin.git "$PLUGINS_DIR/feishu" ... pnpm install
Pin plugin versions or commits when possible, and review the cloned repository and lockfile before installing dependencies.
