Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Setup Assistant
v1.0.0Automates OpenClaw VPS setup, applies security hardening, configures multi-agent systems, messaging integrations, and generates deployment documentation.
⭐ 0· 121·0 current·0 all-time
by@harvnk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md claims to perform full VPS setup (installing Node.js/OpenClaw, configuring UFW, SSH, fail2ban, creating users, editing openclaw.json, binding gateways, installing integrations). Those actions normally require root/sudo, specific binaries (node, ufw, fail2ban, systemctl, cron), and credentials for AI providers and messaging platforms. The registry metadata, however, lists no required env vars, binaries, or config paths — an incoherence between claimed purpose and declared requirements.
Instruction Scope
Instructions are high-level but direct the agent to perform system-level changes (user creation, firewall rules, package installs, editing configuration files, binding services, setting up cron jobs) and to configure external integrations using API keys/tokens. The SKILL.md does not include explicit safe-guards, nor does it enumerate precisely which credentials or files will be read/written, giving the agent broad discretion over sensitive operations.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk because nothing will be written by a packaged installer. The risk comes from the actions the instructions ask the agent to perform on the target VPS, not from an installer downloading arbitrary code.
Credentials
SKILL.md explicitly requires 'AI provider API key' and optionally 'messaging platform bot token', and expects SSH root/sudo access. Yet the skill metadata declares no required env vars, primary credential, or config paths. Requesting broad credentials (provider keys, messaging tokens, root SSH access) is proportionate to the described actions — but the absence of declared required secrets in metadata is an inconsistency that prevents automated vetting and increases risk.
Persistence & Privilege
The skill is not 'always: true' (good) and has no install mechanism, but it instructs the agent to make durable system changes (users, firewall, cron jobs, backups). The default allowance for autonomous invocation is enabled; combined with the above inconsistencies, autonomous execution could have a large blast radius. There is no evidence the skill modifies other skills or system-wide agent configs.
What to consider before installing
Do not run this skill on a production host without manual review. Specific actions to take before installing/using: 1) Ask the publisher for provenance and a vetted install script or step-by-step commands you can inspect; 2) Require the skill to declare exactly which environment variables and files it will read/write (AI keys, bot tokens, openclaw.json path); 3) Test in an isolated VM or staging instance first; 4) Provide only temporary, least-privilege API tokens (rotate or revoke after testing); 5) Review any commands the agent proposes before executing, especially user creation, firewall and package installation steps; 6) Ensure the gateway/service is actually bound to localhost and sandbox mode is enabled in configuration; 7) Prefer manual setup or a signed/traceable installer if you cannot audit the commands. If the publisher cannot explain the metadata omissions (no declared env vars/binaries) and provide transparent install instructions, consider this skill untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk971ybzw8kswvd8wp063ngat41837ey0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.