Oz CLI Remote Node

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is coherent with its stated purpose, but it grants powerful remote-node command execution and records Oz run details locally.

Install this only if you want the assistant to proxy Oz CLI work to a trusted remote node. Be careful with `!` shell commands, confirm the saved node/profile are correct, turn Oz mode off when finished, and review or delete run-tracking files if prompts contain sensitive information.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Commands prefixed with ! can directly affect the selected remote node and its files or projects.

Why it was flagged

The skill intentionally exposes user-directed shell execution on a remote node. This matches the stated purpose, but it can modify or delete remote files if the user issues dangerous commands.

Skill content

Strip the `!` and run it as a direct shell command on the remote node using the `nodes` tool. Command array format: `["bash", "-c", "<command>"]`

Recommendation

Use this only with trusted remote nodes, review commands before sending them, and avoid running destructive shell commands unless you intend the impact.

What this means

Granting this permission lets the agent execute Oz CLI and shell commands on the chosen remote node.

Why it was flagged

The package declares the nodes permission, which is necessary for its remote-node proxy function but gives the agent delegated authority to run commands on configured nodes.

Skill content

"openclaw": { "permissions": [ "nodes" ] }

Recommendation

Grant nodes access only if you intend to let this skill operate on that remote node, and confirm the saved node name points to the expected machine.

What this means

Sensitive instructions or links included in Oz prompts may remain in local tracking files after the run completes.

Why it was flagged

The skill persists run metadata, including the original prompt and Oz URL, into workspace files. This is disclosed and useful for tracking, but it may retain sensitive prompt content.

Skill content

Create a tracking file in your workspace named `oz_run.<id>.md`. Include in this file: Date, Time, Run ID, the Original Prompt, the Open in Oz URL, and any other relevant metadata.

Recommendation

Avoid putting secrets in prompts, and periodically review or delete `oz_run.*.md` files if they contain sensitive information.

What this means

Anything typed while Oz mode is active may be sent to the remote Oz CLI environment.

Why it was flagged

The skill forwards user messages to another agent/runtime on a remote node. This is central to the skill, but users should recognize that Oz-mode messages leave the current assistant context.

Skill content

While in Oz mode, treat EVERY subsequent message from the user as a prompt for the `oz` CLI on the remote node

Recommendation

Use `/oz off` when finished, and avoid sending private information unless the remote node and Oz profile are trusted.