Skill v1.0.1
ClawScan security
OpenClaw Setup (ModelWise) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 7, 2026, 2:58 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only installation/configuration guide for OpenClaw and the included scripts are consistent with that purpose, but it references many service API keys and network-exposed defaults that you should review before running commands or enabling the gateway publicly.
- Guidance: This skill is an installer/configuration guide for OpenClaw and appears internally consistent. Before following instructions or running included scripts:
  1. Verify the npm package 'openclaw' (and 'clawhub' if used) is from a trusted source and inspect any install-time scripts.
  2. Avoid running curl | bash or any remote install without reviewing the downloaded script.
  3. Be careful with defaults that bind the gateway to 0.0.0.0 and open DM policies (allowFrom: ["*"]); prefer token/TLS, firewall rules, or LAN-only binds until you harden auth.
  4. Keep API keys (OpenAI, Anthropic, Volcengine, Telegram bot token, Slack/Discord tokens) private and only grant the minimum required.
  5. Review ~/.openclaw/openclaw.json and logs before enabling public access.
  The main practical issue is that the skill references many credentials but the registry metadata doesn't list them; understand that you will need to provide those secrets for many features.
Review Dimensions
- Purpose & Capability: ok. The name and description match the contents: SKILL.md, examples, and helper scripts all focus on installing, configuring, and validating an OpenClaw gateway. Files and examples (Telegram, providers, credentials) are coherent with an installer/guide for a multi-channel gateway.
- Instruction Scope: note. The runtime instructions direct the user/agent to install Node.js, run npm install -g openclaw, run the openclaw onboarding wizard, edit ~/.openclaw/openclaw.json, and start the gateway. These are within scope. The guide also suggests piping the nvm install script from raw.githubusercontent.com (common but inherently risky) and contains commands that, if executed without review, can expose a gateway to LAN/public (bind: 0.0.0.0) and enable permissive DM policies. No instructions read unrelated system secrets or exfiltrate data.
- Install Mechanism: note. There is no packaged install spec in the registry (instruction-only). The guide recommends standard community installs (nvm via raw GitHub URL, npm global install of openclaw, optional clawhub via npm). These are common but involve running network-downloaded install scripts and globally installing npm packages; verify package sources and review scripts before running.
- Credentials: concern. The skill does not declare required env vars in registry metadata, but the documentation and examples reference many credentials (OPENAI_API_KEY, ANTHROPIC_API_KEY, VOLCENGINE_API_KEY, TELEGRAM_BOT_TOKEN, Slack/Discord tokens, etc.). Those credentials are justified by the gateway's multi-provider/channel function, but the mismatch between 'required env vars: none' and the SKILL.md's heavy reliance on credentials is worth noting so users understand they must provide/manage sensitive API keys.
- Persistence & Privilege: ok. The skill does not request always:true and does not attempt to modify other skills or system-wide agent settings. The included publish and check scripts operate only on the skill directory and local OpenClaw configuration paths; they do not escalate privileges or claim permanent platform presence.
