Comprehensive skill for installing, configuring, and managing the OpenClaw ecosystem (Gateway, Channels, Models, Automation, Nodes, and Deployment)
v2.0.0OpenClaw CLI wrapper — gateway, channels, models, agents, nodes, browser, memory, security, automation.
⭐ 29· 7.6k·85 current·89 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the contents: this is an OpenClaw CLI wrapper plus local reference docs. However the SKILL.md and script require the 'openclaw' CLI to be on PATH while the registry 'requirements' section lists no required binaries — a minor metadata mismatch. Otherwise the files are consistent with the stated purpose (no unrelated clouds/credentials requested).
Instruction Scope
Runtime instructions and the included scripts simply forward arguments to the user's installed 'openclaw' binary and ship docs. That means the wrapper can run any OpenClaw subcommand (including high-risk operations) — but it enforces a gate via OPENCLAW_WRAPPER_ALLOW_RISKY=1. The SKILL.md is explicit about which commands are 'high-risk'. Still, because the wrapper delegates to an external CLI, installing this skill grants the agent a conduit to invoke many potentially privileged operations if the high-risk gate is enabled.
Install Mechanism
Instruction-only skill with a small helper script. There is no installer that downloads remote code or writes arbitrary binaries; nothing is fetched from external URLs. This is low-risk from an installation perspective.
Credentials
The skill does not declare required env vars but the docs and references mention many sensitive variables (OPENCLAW_GATEWAY_TOKEN, OPENCLAW_GATEWAY_PASSWORD, OPENCLAW_LOAD_SHELL_ENV, OPENCLAW_WRAPPER_ALLOW_RISKY, etc.). The wrapper itself checks only OPENCLAW_WRAPPER_ALLOW_RISKY, but the described OpenClaw usage patterns (config hot-load, .env loading, secret refs, gateway tokens) imply the user may provide secrets to the runtime. The skill asks for no unrelated credentials, but the lack of explicit env declarations combined with documented .env and shell-env import deserves caution.
Persistence & Privilege
The skill is not 'always' enabled and does not request elevated platform privileges. However it can be invoked autonomously by the agent (disable-model-invocation is false by default). If the environment gate OPENCLAW_WRAPPER_ALLOW_RISKY is set, the skill can execute high-risk CLI commands — so autonomous invocation plus a permissive env increases blast radius. This is not inherently malicious but is an important operational risk to consider.
What to consider before installing
This skill is basically a thin wrapper and a local copy of OpenClaw docs — that is coherent with its name. Before installing: (1) verify you trust the installed 'openclaw' CLI the wrapper will call (the wrapper simply forwards commands); (2) do not set OPENCLAW_WRAPPER_ALLOW_RISKY=1 globally unless you understand and approve the specific high-risk actions (secrets apply, plugin/hook install, device pairing, browser automation, node invoke, dns/webhooks, sandbox recreate, etc.); (3) avoid placing gateway tokens or other secrets in an unprotected .env in a workspace where the skill can load them; prefer interactive or restricted secret providers; (4) confirm the registry metadata matches reality (the script requires 'openclaw' in PATH but the skill metadata did not list required binaries); and (5) if you expect the agent to call this skill autonomously, restrict its invocation or review logs/approvals for high-risk operations. If you want higher assurance, inspect the system 'openclaw' binary source or run wrapper commands manually (without enabling the risky gate) to validate behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk97423eq4cke4ajc49xc050yxd81z5ke
License
MIT-0
Free to use, modify, and redistribute. No attribution required.