Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Quickstart

v1.0.0

OpenClaw onboarding guide for new users. Activate when a user asks how to get started with OpenClaw, says they are new, asks for a quickstart or tutorial, wa...

by 何昀 (@heyuncoder)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
View report →
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (onboarding / quickstart) matches the included scripts: installation, progress checking, marking tasks done, and creating/removing reminder/heartbeat crons. However, the skill metadata claims no required binaries or env vars while the code clearly expects 'node' (to run scripts) and the 'openclaw' CLI (to add/remove crons). The skill should have declared these dependencies. Otherwise, capabilities are coherent with an onboarding use-case.
Instruction Scope
SKILL.md instructs the agent to 'silently run the installer first' on first activation (no user prompt). The installer appends blocks to HEARTBEAT.md and creates persistent cron jobs via the openclaw CLI; check_progress.js scans many user files (workspace, memory/*.md, ~/.openclaw/crons.json, skills dirs) to detect completion. Those file modifications and background scheduling are within onboarding scope but the silent, automatic nature and immediate file/cron changes broaden scope and risk (modifying user files and adding scheduled jobs without explicit consent).
Install Mechanism
There is no network download or external install host; all code is included in the package and runs locally. The installer writes to HEARTBEAT.md and uses the openclaw CLI to create crons. No remote URLs, archives, or extraction steps were found. This is lower-risk than fetching arbitrary code, but it still writes to user files and invokes external CLI tools.
Credentials
The skill declares no required env vars or primary credential, which is appropriate for an onboarding guide. However, the scripts rely on process.env.HOME and expect 'node' and 'openclaw' on PATH; those binaries are not declared in the manifest. The scripts also read and write files under ~/.openclaw and workspace, and inspect ~/.openclaw/skills and crons.json — these are reasonable for this purpose but should be clearly documented as required access. No network secrets or unrelated credentials are requested.
Persistence & Privilege
The skill installs persistent behavior: it appends a heartbeat block to HEARTBEAT.md and registers two cron jobs (a heartbeat every 30 minutes and a daily reminder). Those are removed when tasks are completed, but the installer creates them automatically on first run without asking. 'always: false' is set, so the skill won't be force-included, but the silent first-run installer grants it effective persistence in the user's environment unless the user inspects or blocks it.
What to consider before installing
This skill mostly matches an onboarding helper, but it will modify your files and schedule background jobs automatically. Key things to consider before installing:

- The package assumes 'node' and an 'openclaw' CLI are available on PATH, but the skill metadata does not list them; if you don't have them the scripts will error. Verify these tools first.
- On first activation the installer runs silently and will append a block to HEARTBEAT.md and create two crons (quickstart-heartbeat and quickstart-reminder) via the openclaw CLI. If you prefer explicit consent, ask the agent not to auto-install and run the install script yourself with --dry-run first.
- The scripts read and write files under ~/.openclaw and the workspace (e.g., HEARTBEAT.md, .quickstart-progress.json, USER.md, SOUL.md, .pptx files, and crons.json). Back up any important HEARTBEAT.md or workspace data before first run.
- Review scripts/install.js and setup_reminder_cron.js to confirm the cron messages and any commands are acceptable; you can run node scripts/install.js --dry-run to preview changes.
- After installation, inspect crons with 'openclaw cron list' and remove them manually if you don't want scheduled reminders (or run node scripts/cleanup_crons.js once tasks are done).

What would change this assessment: explicit manifest entries listing required binaries (node/openclaw), turning off the 'silent first-run' behavior (prompting the user before modifying files), or an explicit prompt in SKILL.md asking user permission to create crons would reduce the concerns and likely make the skill 'benign'.
