ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Create New Openclaw Instance on GCP VM

Deploy and configure an OpenClaw instance on a GCP VM with Tailscale networking, Brave Search integration, and secure credential handling.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.9k · 4 current installs · 5 all-time installs
by@divide-by-0
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The intent (provision an OpenClaw instance on GCP) matches the commands in SKILL.md (gcloud, ssh, install OpenClaw, Tailscale, Brave integration). However the registry metadata declares no required env vars/credentials, while the instructions explicitly require OPENCLAW_PROJECT_ID, OPENCLAW_USERNAME, ANTHROPIC_TOKEN, and BRAVE_API_KEY, and also rely on a local SSH public key (~/.ssh/id_ed25519.pub). The missing declarations are an incoherence that makes the skill's manifest unreliable.
!
Instruction Scope
The instructions read local files (~/.ssh/id_ed25519.pub), require environment secrets (Anthropic and Brave keys) and transmit those secrets to the remote VM via stdin/ssh heredocs. They also write a systemd drop-in containing an API key and modify ~/.openclaw/openclaw.json. While all of this is plausibly required for provisioning, the instructions perform file reads/writes and secret transmission beyond what the skill metadata declares — and they use broad, interactive commands (ssh, systemctl --user, jq edits) that an automated agent would carry out with real privileges.
!
Install Mechanism
This is an instruction-only skill (no install spec), which reduces platform-side risk. However the runtime instructions repeatedly download and execute remote install scripts (curl | sh from tailscale.com and raw.githubusercontent.com) and globally install an npm package (openclaw@latest). Piping arbitrary remote scripts into sh and installing 'latest' packages are common in bootstraps but are higher-risk actions and should be reviewed before execution.
!
Credentials
The SKILL.md requires multiple secrets (ANTHROPIC_TOKEN and BRAVE_API_KEY) plus a GCP project and SSH username; these are reasonable for the described deployment, but the skill metadata did not declare any required environment variables or a primary credential. That mismatch is a red flag: the skill is asking for sensitive credentials without declaring them in its manifest, making it easier to accidentally grant secrets without realizing the skill needs them.
Persistence & Privilege
The skill does not request always:true and does not claim system-wide persistent privileges. It writes user-level systemd config and modifies the user's OpenClaw config on the VM, which is expected for installing/ configuring OpenClaw. No evidence it attempts to modify other skills or global agent settings.
What to consider before installing
This SKILL.md reasonably describes how to create an OpenClaw VM, but the manifest and the instructions disagree — the file expects several environment variables and a local SSH key that the registry did not declare. Before using it: 1) Do not run the quick script (chmod +x ./openclaw-quick-setup.sh && ./...) without first opening and inspecting the script. 2) Manually inspect any remote install scripts (tailscale install.sh, nvm install.sh) instead of piping them to sh; prefer downloading, reviewing, then executing. 3) Ensure you understand where secrets go: ANTHROPIC_TOKEN and BRAVE_API_KEY will be sent to the VM and stored in a systemd drop-in; only use keys you are willing to place on that machine, and ensure file permissions and service scope are appropriate. 4) Confirm the npm package openclaw@latest source and prefer pinning a known-good version. 5) Update or ask the skill author to fix registry metadata to list required env vars and explain why each secret is needed. 6) If you want automation, run the commands interactively yourself (or in a sandbox) rather than letting an agent execute them autonomously.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9738prd23ggvdegqbjh4stt1980hpta

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

OpenClaw Cloud Setup Skill

Deploy OpenClaw to GCP with Tailscale and Brave Search.

Required Environment Variables

export OPENCLAW_PROJECT_ID="your-gcp-project"
export OPENCLAW_USERNAME="your-ssh-username"
export ANTHROPIC_TOKEN="sk-ant-oat01-..."   # Keep secret
export BRAVE_API_KEY="..."                   # Keep secret

Quick Start

chmod +x openclaw-quick-setup.sh
./openclaw-quick-setup.sh

Manual Setup (Copy-Paste)

# Set variables first (see above)
ZONE="us-central1-a"
VM="openclaw"

# Create VM
gcloud compute instances create "$VM" \
  --project="$OPENCLAW_PROJECT_ID" --zone="$ZONE" \
  --machine-type=e2-medium \
  --image-family=debian-12 --image-project=debian-cloud \
  --boot-disk-size=10GB \
  --metadata=ssh-keys="${OPENCLAW_USERNAME}:$(cat ~/.ssh/id_ed25519.pub)"

IP=$(gcloud compute instances describe "$VM" \
  --project="$OPENCLAW_PROJECT_ID" --zone="$ZONE" \
  --format='get(networkInterfaces[0].accessConfigs[0].natIP)')

# Wait for SSH, then run setup
sleep 30
ssh -o StrictHostKeyChecking=no "${OPENCLAW_USERNAME}@${IP}" "
set -euo pipefail
sudo apt-get update && sudo apt-get install -y git curl ufw jq
curl -fsSL https://tailscale.com/install.sh | sh
"

# Manual: authorize Tailscale
ssh "${OPENCLAW_USERNAME}@${IP}" "sudo tailscale up"

# Continue setup
ssh "${OPENCLAW_USERNAME}@${IP}" "
set -euo pipefail
sudo ufw allow 22/tcp && sudo ufw allow in on tailscale0 && echo y | sudo ufw enable
echo 'nameserver 8.8.8.8' | sudo tee -a /etc/resolv.conf
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
source ~/.nvm/nvm.sh && nvm install 22
source ~/.nvm/nvm.sh && npm install -g openclaw@latest
"

# Configure OpenClaw (credentials via stdin)
ssh "${OPENCLAW_USERNAME}@${IP}" '
source ~/.nvm/nvm.sh
openclaw onboard --non-interactive --accept-risk \
  --auth-choice token --token-provider anthropic \
  --token "$(cat)" --gateway-bind loopback --install-daemon
' <<< "$ANTHROPIC_TOKEN"

# Add Brave key + enable Tailscale auth
ssh "${OPENCLAW_USERNAME}@${IP}" "
set -euo pipefail
mkdir -p ~/.config/systemd/user/openclaw-gateway.service.d
cat > ~/.config/systemd/user/openclaw-gateway.service.d/brave.conf << CONF
[Service]
Environment=\"BRAVE_API_KEY=\$(cat)\"
CONF
chmod 600 ~/.config/systemd/user/openclaw-gateway.service.d/brave.conf
systemctl --user daemon-reload
source ~/.nvm/nvm.sh
jq '.gateway.auth.allowTailscale = true' ~/.openclaw/openclaw.json > /tmp/oc.json
mv /tmp/oc.json ~/.openclaw/openclaw.json
chmod 600 ~/.openclaw/openclaw.json
openclaw gateway restart
sudo tailscale serve --bg 18789
" <<< "$BRAVE_API_KEY"

# Get dashboard URL
ssh "${OPENCLAW_USERNAME}@${IP}" "tailscale serve status"

# After first browser access, approve device
ssh "${OPENCLAW_USERNAME}@${IP}" 'source ~/.nvm/nvm.sh && openclaw devices list'
# Then: openclaw devices approve <REQUEST_ID>

Key Learnings

IssueSolution
e2-micro OOMUse e2-medium (4GB minimum)
nodesource failuresUse nvm for Node.js 22
DNS broken after TailscaleAdd 8.8.8.8 to /etc/resolv.conf
Brave key in config rejectedUse systemd env var drop-in
Dashboard "pairing required"Run openclaw devices approve <id>

Security Notes

  • Credentials passed via stdin (<<<), not command-line args
  • Config files set to chmod 600
  • Gateway binds to loopback, exposed only via Tailscale
  • UFW blocks all inbound except SSH and Tailscale

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…