OpenClaw Autonomous Setup

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The instructions broadly match the claimed goal (deploying an autonomous AI stack) but are vague, ask you to install unvetted npm packages and other skills that may request credentials, and instruct creating persistent memory and cron jobs without guidance — this combination is disproportionate and potentially risky.

Do not run these instructions blindly. Before installing:

(1) verify the provenance of the 'openclaw' npm package and the three skills referenced; inspect their source code and npm/GitHub publisher;
(2) prefer installing in a disposable VM/container rather than your primary host;
(3) never put private keys, passwords, or full account credentials into SESSION-STATE.md; use read-only/watch-only wallet addresses for monitoring;
(4) review what credentials the 'sendclaw-email' and 'crypto-degen-toolkit' packages require and apply least privilege (use app-specific, revocable tokens);
(5) audit any cron jobs or background services created and restrict network access where possible;
(6) if you cannot validate the packages' source and code, treat this as untrusted and avoid deploying to production.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings

Risk analysis

No visible risk-analysis findings were reported for this release.