Billy Emergency Repair
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The repair goal is coherent, but the skill asks an agent to run unreviewed local SSH scripts that can alter a remote authentication system.
Only use this if you are the intended Neill/Billy operator and can inspect the referenced repair and key-setup scripts first. Verify the SSH key, host, exact files deleted, backup location, and rollback plan; otherwise do not let an agent run the commands automatically.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could run unreviewed local scripts that change a remote authentication system.
The workflow depends on external workspace scripts, but the supplied package contains only SKILL.md and no install spec, so the high-impact helper code is not available for provenance or safety review.
bash ~/.openclaw/workspace/scripts/emergency-repair/fix-billy-auth.sh --authorized-by Neill ... bash ~/.openclaw/workspace/scripts/emergency-repair/setup-billy-repair-keys.sh
Do not run the skill unless the referenced scripts are supplied, reviewed, versioned, and installed from a trusted source.
Installing or invoking this could give the agent remote account access capable of changing Billy's authentication state.
The skill uses a local SSH key to access a specific remote host, but metadata declares no credentials or required config paths.
SSH into Billy (EC2 via Tailscale) ... ssh -i ~/.ssh/billy-repair-key ubuntu@100.90.73.34
Require explicit human approval, declare the SSH key and host in metadata, and use a least-privilege repair account with audited access.
A mistaken or unauthorized invocation could disrupt authentication or gateway availability on the remote system.
The documented command chain performs high-impact remote mutations, but the exact file scope, rollback behavior, and approval enforcement are not visible in the provided artifacts.
Clears stale authentication tokens (removes .token, device*.json) ... Removes hardcoded tokens ... Restarts Billy's gateway
Make the repair steps transparent, add a reviewed dry-run mode, require per-run confirmation, and document exact files/services affected and rollback steps.
Users may underestimate the risk of running the repair because the document describes it as authorized and non-destructive without reviewable enforcement.
The skill asks users to trust strong safety claims, but the enforcing script is absent and deleting tokens/restarting a gateway can still be service-impacting.
Neill-only authorization - Script rejects unauthorized use ... Non-destructive - Only removes auth tokens
Clarify that token deletion and restarts are impactful, provide the authorization implementation, and require users to inspect logs and backups before and after execution.
