Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw AWS Deploy
v1.0.0
Deploy OpenClaw securely on AWS with a single command. Creates VPC, EC2 (ARM64), Telegram channel, and configurable AI model (Bedrock, Gemini, or any provide...
by Godwin Babu (@godwinbabu)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Benign, medium confidence
Purpose & Capability
The skill's name/description match what the included scripts do: create VPC/EC2/SSM/IAM resources and bootstrap OpenClaw. One mismatch: registry metadata declares no required env vars, but SKILL.md and the scripts expect .env.starfish/.env.<name> (TELEGRAM_BOT_TOKEN required, optional GEMINI_API_KEY) and accept AWS credentials via profile/.env.aws — this should have been declared in metadata.
Instruction Scope
SKILL.md instructs the agent to run the included deploy/teardown/setup scripts which perform the expected provisioning steps (create VPC, IAM role, put SSM params, launch EC2, bootstrap Node/OpenClaw, smoke test). The runtime instructions do not ask the agent to read or exfiltrate unrelated local files beyond .env.* workspace files, nor to contact unexpected external endpoints beyond model providers (Bedrock/Gemini) and standard Node/GitHub downloads referenced in troubleshooting. Secrets are stored in SSM as documented (deployment behavior — not hidden).
Install Mechanism
This is an instruction-only skill that bundles deploy scripts. There is no 'installer' that pulls arbitrary code onto the user's machine at install time. The actual install actions occur later in user-run scripts (and on the EC2 instance via user-data). Those scripts download Node tarballs on the EC2 host (official nodejs.org), which is expected for bootstrapping but should be audited if you require strict supply-chain constraints.
Credentials
The scripts and README require AWS credentials (profile / .env.aws / environment / SSO), a TELEGRAM_BOT_TOKEN (required) and optionally a GEMINI_API_KEY. The skill metadata did not list these required env vars, creating a transparency gap. The deployer role/policy created by the helper script includes SSM:PutParameter/GetParameter and broad EC2/IAM actions (Resource: "*") to perform provisioning. These privileges are proportional to creating and tearing down the resources, but they are powerful and should be exercised from a dedicated deployer identity with reviewed, least-privilege policies, in an account where you accept those privileges.
Persistence & Privilege
The skill is not always-included and does not request any platform-level persistent privileges. It creates cloud resources (IAM roles, instance roles) as part of normal deployment; that is expected. It does not modify other skills or agent-wide settings. Autonomous invocation is allowed (platform default) but not exceptional here.
Assessment
This repository appears to genuinely implement a one-shot AWS deployer for OpenClaw, but take these precautions before running:
- Inspect .env files: TELEGRAM_BOT_TOKEN is required and will be written into SSM Parameter Store for the instance to read. Do not put high-value secrets here unless you accept SSM storage.
- Use a dedicated deployer identity/account or a dedicated IAM role/profile. The helper role/policy exercises broad EC2/SSM/IAM permissions needed to create and tear down resources; run setup_deployer_role.sh --dry-run to review the exact policy JSON before creating it.
- Confirm Bedrock permissions: the deployment will add Bedrock invoke permissions to the instance role even if you don't plan to use Bedrock; if you require stricter controls, modify the instance role policy to a model allowlist before granting bedrock:InvokeModel.
- Prefer --dry-run and preflight: run scripts/preflight.sh and use deploy scripts' dry-run mode to see actions that would be taken.
- Verify network downloads you are comfortable with (Node tarball from nodejs.org, npm/git during instance bootstrap). If you need an air-gapped or fully-audited bootstrap, prepare your own AMI or adjust user-data to use curated artifacts.
- Do not run this from an admin/root account you care about; review all scripts (deploy_minimal.sh, setup_deployer_role.sh, teardown.sh) end-to-end before executing.
If you want, I can: (1) point out the exact lines in the scripts that create IAM/SSM resources, (2) extract the inline IAM policy that would be applied, or (3) produce a safe checklist (dry-run steps and minimal permissions) you can follow before running the deploy.
Like a lobster shell, security has layers — review code before you run it.
Tags: aws, bedrock, deploy, ec2, infrastructure, latest, telegram
Runtime requirements
☁️ Clawdis
Bins: aws, jq, openssl
