Create New Openclaw Instance on GCP VM
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: create-new-openclaw-in-gcp Version: 1.0.0 The skill bundle is classified as suspicious primarily due to the use of `curl | sh` for installing Tailscale and NVM from remote URLs (tailscale.com and raw.githubusercontent.com) within the SKILL.md file. While these actions are plausibly needed for the stated purpose of deploying OpenClaw and the sources appear legitimate, executing arbitrary remote scripts directly is a high-risk security practice. There is no clear evidence of intentional malicious behavior such as data exfiltration, backdoors, or prompt injection against the agent, and sensitive credentials are handled via stdin with secure file permissions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You could end up running setup code that was not reviewed with this skill, or installing changed upstream code at the time you run it.
The primary quick-start script is not present in the supplied one-file manifest, and the manual setup executes remote installers and a mutable latest package during a high-impact cloud deployment.
chmod +x openclaw-quick-setup.sh ./openclaw-quick-setup.sh ... curl -fsSL https://tailscale.com/install.sh | sh ... npm install -g openclaw@latest
Do not run the missing quick-start script unless you independently verify its source. Prefer the manual steps, pin package versions, and review remote installer contents before executing them.
Running this unattended could create billable cloud resources, alter firewall/network configuration, and leave an OpenClaw service reachable through your Tailscale network.
The instructions use powerful cloud and shell tools to create resources, install a daemon, and expose a service, while accepting risk non-interactively and without clear approval or cleanup boundaries.
gcloud compute instances create "$VM" ... openclaw onboard --non-interactive --accept-risk ... --install-daemon sudo tailscale serve --bg 18789
Run the commands step by step, confirm the GCP project/zone/costs, understand what risk is being accepted, and add explicit teardown and rollback steps before use.
Anyone who obtains these tokens or gains access to the VM could potentially use your Anthropic/Brave credentials or affect resources in the selected GCP project.
The skill requires cloud account context and provider API tokens. This is expected for the deployment, but these credentials are sensitive and are not reflected in the registry credential metadata.
export OPENCLAW_PROJECT_ID="your-gcp-project" export ANTHROPIC_TOKEN="sk-ant-oat01-..." export BRAVE_API_KEY="..."
Use a least-privilege GCP project/account, use restricted or temporary API keys where possible, avoid sharing shell history/logs, and rotate credentials if the setup is exposed.
A remote agent gateway may remain active with stored credentials and network reachability longer than intended.
The setup creates persistent OpenClaw gateway configuration and a background Tailscale serve endpoint that continue operating after the setup task is complete.
--gateway-bind loopback --install-daemon ... mkdir -p ~/.config/systemd/user/openclaw-gateway.service.d ... sudo tailscale serve --bg 18789
Add explicit commands to stop/disable the OpenClaw daemon, reset Tailscale serve, revoke device approvals, and delete the VM when no longer needed.
Approved devices or tailnet members may be able to reach the OpenClaw gateway, so mistaken approvals could expose the instance.
The gateway is intentionally made reachable through Tailscale and uses device approval. This is purpose-aligned, but access depends on tailnet/device authorization being managed correctly.
jq '.gateway.auth.allowTailscale = true' ~/.openclaw/openclaw.json > /tmp/oc.json ... sudo tailscale serve --bg 18789 ... openclaw devices approve <REQUEST_ID>
Approve only expected devices, review Tailscale ACLs, and periodically check active serve status and OpenClaw device approvals.