OpenAI

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a disclosed OpenAI integration through ClawLink, with expected account access and write capabilities that users should review before approving.

This skill appears coherent and purpose-aligned. Before installing, make sure you trust ClawLink, verify the plugin source, review the OpenAI permissions you grant, and only approve previews for file uploads, fine-tuning, batch, destructive, or bulk actions you actually want.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using this skill requires trusting the external ClawLink plugin in addition to the instruction-only skill.

Why it was flagged

The skill depends on a separately installed plugin that is not included in the provided artifacts for review.

Skill content

Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`

Recommendation

Install the plugin only from the expected ClawHub source and verify ClawLink before pairing accounts.

What this means

Approving the connection may allow ClawLink-mediated tools to access or modify OpenAI resources within the granted permissions.

Why it was flagged

The skill delegates OpenAI connection and credential handling to ClawLink, which is expected for the integration but gives the service account-level authority according to the user-approved connection.

Skill content

Powered by [ClawLink](https://claw-link.dev), an integration hub for OpenClaw that handles hosted connection flows and credentials

Recommendation

Review the OpenAI permissions/scopes during connection and revoke access from ClawLink if you no longer use the integration.

What this means

If approved, the agent may create, modify, or upload OpenAI resources, including batches or fine-tuning jobs.

Why it was flagged

The skill can trigger OpenAI account mutations and potentially cost-incurring operations, but the instructions require confirmation for these write actions.

Skill content

Upload or manage files after confirmation... Create batches or fine-tuning jobs after confirmation

Recommendation

Check previews carefully before approving writes, destructive actions, bulk operations, or cost-incurring jobs.

What this means

OpenAI-related requests and tool calls may pass through ClawLink rather than going directly from OpenClaw to OpenAI.

Why it was flagged

Tool discovery and execution are mediated through a third-party integration hub, so tool identity, schemas, and available actions come from the live ClawLink catalog.

Skill content

ClawLink provides tools dynamically based on what the user has connected.

Recommendation

Use the described preview and confirmation workflow, and verify that each live tool action matches what you intended.