How To Do
Security checks across malware telemetry and agentic risk
Overview
This appears to be a benign OpenClaw coaching guide with a simple local assessment script, but it recommends installing other skills and can save assessment notes locally.
This skill looks safe to install as a guide. Before following its recommendations, review any additional skills it suggests because those may request separate permissions or credentials. If you run the quick assessment helper, expect it to create a local markdown report that you should treat as private if it contains work or personal details.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing recommended skills could grant your agent new tools or permissions depending on those skills.
The guide recommends installing additional skills as part of its coaching purpose. This is user-directed and coherent, but each recommended skill may expand the agent's capabilities.
- **Required skills**: self-improving-agent, find-skills, summarize (always recommended)
Review each suggested skill's permissions and behavior before installing it, especially integrations like terminal, GitHub, Slack, Docker, deployment, or monitoring tools.
If you run the package start command, it will execute a local shell script that asks questions and writes a report.
The package exposes a Bash helper script. The included script is a local questionnaire/report generator and does not show network, credential, destructive, or privileged behavior.
"scripts": {
  "start": "bash scripts/quick-assessment.sh"
}
Run the helper only if you want the assessment workflow, and review the script first if you are cautious about local shell execution.
A local markdown file may be created with details about your OpenClaw experience, use case, and recommended skills.
The script writes a timestamped assessment report locally. This is disclosed by the script output and aligned with the skill's purpose, but the report may contain personal workflow preferences or goals.
cat > "openclaw-assessment-$timestamp.md" << EOF
Keep the generated assessment file private if it includes personal or work-related information, and delete it when no longer needed.
