Openclaw Manager

This skill appears to be a legitimate deployment and hardening helper for OpenClaw, but check these before you install/use it: - Metadata mismatch: the registry entry claims no required env vars, but SKILL.md and validate_openclaw_env.py require OPENCLAW_GATEWAY_TOKEN (and often an LLM API key). Treat OPENCLAW_GATEWAY_TOKEN and any LLM/provider keys as sensitive. - The scripts read a .env file and will report on key names, duplicate/malformed lines, placeholders, and weak secrets; they do not transmit secret values elsewhere, but you should never write real secrets into the ops ledger or commit .env files to git. - The skill writes files to your working directory (rollout plan and ops ledger). Review the generated files and ensure the ledger contains only metadata (names of profiles/keys), not secret values. - The provided tooling is planning/validation-focused — it does not perform provider deployments itself. When following provider playbooks (clone + deploy), verify any external commands or provider CLIs separately. - Recommended precautions: run the scripts in an isolated environment, inspect the three included scripts before executing, ensure .env contains only appropriate values, and confirm that you will not accidentally paste secrets into ledger fields or commit them to source control. If you want, I can point out the exact lines in the scripts that read/write files and the precise registry-vs-SKILL.md discrepancy to help you decide whether to proceed.