Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Aliyun Openclaw Setup
v1.0.0
Use when installing or configuring OpenClaw with DingTalk, Feishu, Discord, and additional channels with Bailian/DashScope models on Linux hosts. Use when pr...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the actions in SKILL.md: installing OpenClaw, adding DingTalk/Feishu/Discord channels, and configuring Bailian/DashScope models. However, the SKILL.md explicitly expects secrets/keys (DingTalk AppKey/AppSecret, Feishu App ID/Secret, Discord bot token, DashScope API key) while the skill metadata lists no required env vars or primary credential — an inconsistency that reduces transparency.
Instruction Scope
Runtime instructions tell the operator/agent to SSH as root and to fetch external docs (docs.openclaw.ai) and then 'apply installation/configuration on host' using exact commands found there. This effectively tells the agent to automatically execute commands scraped from external pages. The workflow also includes 'curl | bash' to install Node.js and global npm installs; following remote docs blindly can lead to arbitrary command execution.
Install Mechanism
The skill is instruction-only (no packaged install), which is lower-risk in itself, but the instructions recommend running a remote install script (curl -fsSL https://deb.nodesource.com/setup_20.x | bash -) and installing global npm packages and plugins (including plain GitHub repo installs). Those are common for this task but are moderate risk when executed automatically or without review (supply-chain / remote-execution risk).
Credentials
The documentation and examples reference DASHSCOPE_API_KEY and multiple channel credentials and even a systemd import of DASHSCOPE_API_KEY, but the skill metadata does not declare any required env vars or primary credential. Requesting multiple service credentials (DingTalk, Feishu, Discord, DashScope) is plausible for this setup, but their absence from metadata reduces transparency and could cause accidental credential exposure if handled incorrectly.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills. However, its workflow requires host-level changes (global npm install, adding systemd user service, creating ~/.openclaw/openclaw.json), which are legitimate for a deployment task but entail lasting changes and require care (least privilege, test host, secrets management).
What to consider before installing
This skill appears to do what it says, but exercise caution before running it unattended. Key recommendations:
- Expect to provide real credentials (DingTalk/Feishu/Discord tokens and DashScope API key); ensure they are stored on the target host or a secret manager, not checked into repos. The skill metadata did not declare these env vars — treat that as a transparency gap.
- Do not blindly run curl | bash or install commands pulled directly from external docs without reviewing them first. Prefer to inspect scripts and plugin repos (verify publisher, recent commits, and release tags) before installing.
- When following the 'auto-discover and apply' step, avoid automatically executing commands scraped from web pages; instead, review the exact install commands and package sources first.
- Use a non-production test VM and least-privilege user (avoid root when possible) to validate the procedure before applying in production.
- Pin plugin versions or install from verified releases rather than arbitrary GitHub branches. Audit plugin code if you must install from a repo.
- If you will import env vars into systemd (systemctl --user import-environment), confirm the environment variable names and scope so credentials are not leaked to unintended services.
If you want, I can: (a) extract the exact set of commands the skill would run, (b) highlight every place it expects a secret, or (c) produce a safer, review-first checklist you can follow before executing these steps.
Like a lobster shell, security has layers — review code before you run it.
