Create New Openclaw Instance on GCP VM
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill’s goal is coherent, but it asks you to run unreviewed or mutable setup code while creating a persistent cloud OpenClaw gateway with sensitive tokens.
Use this only if you are comfortable creating a billable GCP VM and running a persistent OpenClaw gateway. Avoid the missing quick-start script unless you can verify it, run the manual commands interactively, pin or review remote installers, use least-privilege credentials, and prepare cleanup steps before deployment.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You could end up running setup code that was not reviewed with this skill, or installing changed upstream code at the time you run it.
The primary quick-start script is not present in the supplied one-file manifest, and the manual setup executes remote installers and a mutable latest package during a high-impact cloud deployment.
chmod +x openclaw-quick-setup.sh ./openclaw-quick-setup.sh ... curl -fsSL https://tailscale.com/install.sh | sh ... npm install -g openclaw@latest
Do not run the missing quick-start script unless you independently verify its source. Prefer the manual steps, pin package versions, and review remote installer contents before executing them.
Running this unattended could create billable cloud resources, alter firewall/network configuration, and leave an OpenClaw service reachable through your Tailscale network.
The instructions use powerful cloud and shell tools to create resources, install a daemon, and expose a service, while accepting risk non-interactively and without clear approval or cleanup boundaries.
gcloud compute instances create "$VM" ... openclaw onboard --non-interactive --accept-risk ... --install-daemon sudo tailscale serve --bg 18789
Run the commands step by step, confirm the GCP project/zone/costs, understand what risk is being accepted, and add explicit teardown and rollback steps before use.
Anyone who obtains these tokens or gains access to the VM could potentially use your Anthropic/Brave credentials or affect resources in the selected GCP project.
The skill requires cloud account context and provider API tokens. This is expected for the deployment, but these credentials are sensitive and are not reflected in the registry credential metadata.
export OPENCLAW_PROJECT_ID="your-gcp-project" export ANTHROPIC_TOKEN="sk-ant-oat01-..." export BRAVE_API_KEY="..."
Use a least-privilege GCP project/account, use restricted or temporary API keys where possible, avoid sharing shell history/logs, and rotate credentials if the setup is exposed.
A remote agent gateway may remain active with stored credentials and network reachability longer than intended.
The setup creates persistent OpenClaw gateway configuration and a background Tailscale serve endpoint that continue operating after the setup task is complete.
--gateway-bind loopback --install-daemon ... mkdir -p ~/.config/systemd/user/openclaw-gateway.service.d ... sudo tailscale serve --bg 18789
Add explicit commands to stop/disable the OpenClaw daemon, reset Tailscale serve, revoke device approvals, and delete the VM when no longer needed.
Approved devices or tailnet members may be able to reach the OpenClaw gateway, so mistaken approvals could expose the instance.
The gateway is intentionally made reachable through Tailscale and uses device approval. This is purpose-aligned, but access depends on tailnet/device authorization being managed correctly.
jq '.gateway.auth.allowTailscale = true' ~/.openclaw/openclaw.json > /tmp/oc.json ... sudo tailscale serve --bg 18789 ... openclaw devices approve <REQUEST_ID>
Approve only expected devices, review Tailscale ACLs, and periodically check active serve status and OpenClaw device approvals.