ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw API Control

Control a hosted OpenClaw instance through the OpenClaw as a Service API. Use when the user asks to talk to OpenClaw over API, send a folder or file to OpenC...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 87 · 0 current installs · 0 all-time installs
byFlorian Standhartinger@fstandhartinger
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and scripts implement an OpenClaw-as-a-Service API client (instance listing/creation, chat, file uploads, command exec) which matches the skill name/description. However the registry metadata at the top of the report lists no required environment variables or primary credential, while SKILL.md and the script require OPENCLAW_API_KEY (and optionally OPENCLAW_API_BASE_URL and OPENCLAW_INSTANCE_ID). That mismatch between declared registry requirements and the runtime instructions is an incoherence that should be resolved before trusting the skill.
Instruction Scope
The SKILL.md gives concrete commands and the code only performs the described actions: network calls to the configured API_BASE_URL, reading local files only when the user explicitly requests an upload, size limit (5MB) and a text-file heuristic are applied. There are no instructions to read arbitrary shell history or unrelated system files. The agent will need to supply the API key to operate.
Install Mechanism
There is no install spec (instruction-only with an included Node script). Nothing is downloaded from third-party URLs and no installers are run. The runtime risk is limited to executing the included Node script, which is visible in the bundle.
!
Credentials
The code legitimately requires a bearer API key (OPENCLAW_API_KEY) and optionally OPENCLAW_API_BASE_URL / OPENCLAW_INSTANCE_ID. Those are reasonable for the stated purpose, but the registry metadata inexplicably omitted them; the omission is suspicious. Also note OPENCLAW_API_BASE_URL is configurable — if an attacker or misconfiguration points it at a malicious endpoint, files and messages would be sent there. Treat the API key as sensitive and use a key scoped to minimal privileges/instances.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. Autonomous invocation (disable-model-invocation: false) is the platform default; combined with the other concerns this does not by itself change the verdict.
What to consider before installing
This package appears to be a straightforward OpenClaw API client and the code matches the documented commands, but there are notable red flags to consider before installing: - The SKILL.md and script require OPENCLAW_API_KEY (and optionally OPENCLAW_API_BASE_URL / OPENCLAW_INSTANCE_ID), yet the registry metadata listed no required credentials — ask the publisher to correct the registry metadata and explain why it was omitted. - The script will read and upload local files when you explicitly request 'upload-tree' or similar; it enforces a 5MB per-file limit and skips likely binaries, but it will transmit whatever you point it at to the configured API_BASE_URL. Ensure OPENCLAW_API_BASE_URL is the official endpoint before uploading sensitive files. - Only provide an API key scoped to the minimum privileges and instances needed; consider creating a test key and rotating it after validating the skill. - The owner and homepage are unknown. Prefer skills from known publishers or with an audit trail; request provenance (author email, repo, or signed release) and review the full script yourself or have a trusted party do so. - Because the manifest/metadata mismatch is the primary concern, ask the maintainer to fix the metadata (declare OPENCLAW_API_KEY as a required credential) and re-publish. If you cannot verify the source or correct the metadata, run the skill in a sandboxed environment and avoid uploading sensitive data. If you want, I can list the exact lines where the code reads OPENCLAW_API_KEY and where file uploads occur so you can inspect them further.
scripts/openclaw_api_client.mjs:20
Environment variable access combined with network send.
!
scripts/openclaw_api_client.mjs:226
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.1
Download zip
latestvk97a9c0kx7fty62jyr1egt4sxx83b1br

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Environment variables
OPENCLAW_API_KEYrequiredBearer API key created from the OpenClaw account page. Scoped to the authenticated user's instances.
OPENCLAW_API_BASE_URLoptionalBase URL of the OpenClaw as a Service API. Defaults to the production endpoint.
OPENCLAW_INSTANCE_IDoptionalTarget instance ID. When omitted, the skill auto-discovers the first ready instance owned by the API key holder.

SKILL.md

OpenClaw API Control

Overview

Use the hosted OpenClaw API instead of the browser UI when an agent should operate an existing OpenClaw instance directly.

Required environment variables:

  • OPENCLAW_API_KEY
  • OPENCLAW_API_BASE_URL

Optional environment variables:

  • OPENCLAW_INSTANCE_ID

Defaults:

  • If OPENCLAW_API_BASE_URL is missing, use https://openclaw-as-a-service.com/api
  • If OPENCLAW_INSTANCE_ID is missing, discover a ready instance automatically

When To Use

  • “Send this folder to my OpenClaw”
  • “Upload these files into the OpenClaw workspace”
  • “Ask my OpenClaw to continue this task”
  • “Run this command on my hosted OpenClaw”
  • “Read /workspace/... from OpenClaw”
  • “Create an OpenClaw instance through the API”

Workflow

  1. Verify OPENCLAW_API_KEY is present.
  2. Use scripts/openclaw_api_client.mjs root or instances list to confirm connectivity.
  3. Resolve the target instance:
    • Prefer OPENCLAW_INSTANCE_ID
    • Otherwise pick the first ready instance from instances list
  4. Choose the right action:
    • Chat: chat send
    • Recent history: chat tail
    • Files or folders: files read, files write, files upload-tree
    • Commands: terminal exec
  5. Report the exact API action and result back to the user.

Commands

Discover API root

node scripts/openclaw_api_client.mjs root

List instances

node scripts/openclaw_api_client.mjs instances list

Create an instance

node scripts/openclaw_api_client.mjs instances create --invite-code YOUR_CODE

Send a chat message

node scripts/openclaw_api_client.mjs chat send --message "Continue the task in /workspace"

Stream a chat message

node scripts/openclaw_api_client.mjs chat send --stream --message "Narrate each step while you work"

Upload a folder into /workspace

node scripts/openclaw_api_client.mjs files upload-tree --src ./my-project --dest /workspace/my-project

Read a file

node scripts/openclaw_api_client.mjs files read --path /workspace/README.md

Run a command

node scripts/openclaw_api_client.mjs terminal exec --command "pwd && ls -la /workspace"

Notes

  • files upload-tree only uploads text-like files and skips likely binary files.
  • chat tail automatically reuses the latest chat session when no session id is supplied.
  • The helper prints JSON for machine-friendly reuse.

Resources

  • scripts/openclaw_api_client.mjs - Minimal Node client for OpenClaw API operations

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…