ClawHub

Openclaw User Onboarding

v1.0.0

Bootstraps new OpenClaw users with guided setup and configurable feature introductions. Auto-triggers on first session if ONBOARDING_PROGRESS.md is missing....

0· 50·0 current·0 all-time
byTian@dukesky
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the runtime instructions: the skill asks onboarding questions, writes USER.md / SOUL.md / HEARTBEAT.md / ONBOARDING_PROGRESS.md, and schedules periodic feature-intro runs. It does not request unrelated credentials or binaries.
Instruction Scope
Instructions read and write workspace files and create a cron-style job that will trigger future agent turns and deliver intros to the user's chosen channel. This is coherent for an onboarding skill, but it does grant the skill the ability to mutate workspace state and schedule recurring activity — users should expect those side-effects and review the written files and cron job after first run.
Install Mechanism
Instruction-only skill with no install spec or downloads; nothing is written to disk by an installer. Lower risk from install mechanism.
Credentials
No environment variables, secrets, or external credentials are requested. The skill asks for a preferred messaging channel (Q2) to target delivery; actual delivery is expected to use existing platform connectors rather than new credentials, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is flagged always: true and is injected into every interactive session so it can auto-trigger on first run. This behavior is explained by the README (always-loaded to check onboarding state), but always:true is a higher privilege—it will be present in all sessions and can auto-start the onboarding flow and create cron jobs. That is reasonable for onboarding but worth conscious consent.
Assessment
This skill is internally consistent for an onboarding tool, but it will modify workspace files and create a recurring cron job that triggers agent messages. Before installing or allowing it to run: 1) Inspect SKILL.md and README (you already have them) to ensure you’re comfortable with files it will write (USER.md, SOUL.md, HEARTBEAT.md, ONBOARDING_PROGRESS.md). 2) If you prefer to test first, install it in an isolated workspace copy or a throwaway profile. 3) After first run, verify the ONBOARDING_PROGRESS.md and the created cron job (jobId) and confirm delivery channel settings are correct. 4) If you don’t want persistent auto-loading, do not enable always-loaded skills or remove this skill after setup. 5) If you see unexpected external delivery targets or unknown credentials being requested, revoke and investigate. Overall: acceptable for use if you trust the source and consent to automatic workspace changes and scheduled intros.

Like a lobster shell, security has layers — review code before you run it.

latestvk972jgvh1t1dskskmq49pzg2zx84pnbr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments