OpenClaw Use Case Catalog

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI08: Cascading Failures
What this means

A simple request for use-case inspiration could cause new content to be committed and pushed externally, including mistakes, private context, or untrusted web material.

Why it was flagged

This makes unreviewed new findings propagate from web research into local files and then a remote Git repository as part of the default workflow.

Skill content

After each invocation that discovers new use cases, append to (or create) `findings/YYYY-MM-DD.md`... Then commit and push: `git add findings/ && git commit -m "findings: YYYY-MM-DD" && git push`

Recommendation

Require explicit user approval before writing findings or running `git push`; show a diff first and let the user choose the repository, branch, and visibility.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse
What this means

The agent may mutate a GitHub repository using the user's account authority without the user realizing that account credentials are involved.

Why it was flagged

Pushing to GitHub typically uses the user's local Git credentials or SSH keys, but the skill metadata declares no credential requirement or scope.

Skill content

Git commit and push to `{github_org}/openclaw-skill-usecases`

Recommendation

Declare the GitHub credential requirement, use a dedicated bot or deploy key with limited repository scope, and require confirmation before any push.

What this means

A user or agent could treat this as endorsed implementation guidance for social-media automation that bypasses platform protections and risks account abuse or policy violations.

Why it was flagged

The catalog is intended as inspiration for users, and this entry explicitly presents logged-in browser automation as a way to evade platform bot-detection.

Skill content

AppleScript controls real logged-in Chrome (not headless) to bypass Reddit's `navigator.webdriver=true` detection.

Recommendation

Remove or clearly quarantine anti-detection tactics; frame social-media automation examples around platform-approved APIs, rate limits, and human review.

What this means

Incorrect, untrusted, or sensitive material can become persistent context and influence future recommendations.

Why it was flagged

The skill builds a persistent knowledge base from web and social sources, then reuses it in later answers.

Skill content

Reference the catalog below and `findings/` directory for past discoveries; Search the web for fresh examples... Save new findings to `findings/YYYY-MM-DD.md`

Recommendation

Label web findings as untrusted, avoid storing private user details, and review or sanitize entries before reusing or publishing them.