Dangerous exec
- Finding
- Shell command execution detected (child_process).
Security checks across static analysis, malware telemetry, and agentic risk
The skill’s code and instructions largely match the stated purpose (bridging local CLIs and browser sessions), but it reads/writes sensitive local auth/cookie files, launches browsers and CLI subprocesses, and has ambiguous command authorization and an unexplained "WhatsApp alert" behaviour — review before installing.
This plugin appears to do what it claims (bridge local CLIs and browser sessions), but it requires access to local OAuth tokens and browser cookies, writes persistent profiles/state under your home directory, and launches CLI processes and Chromium. Before installing:
1) Review the full source (especially any code that sends notifications or opens external endpoints) to confirm how the "WhatsApp alert" is implemented.
2) Confirm you are comfortable with the plugin reading ~/.codex and ~/.claude and creating ~/.openclaw profiles; consider running it on an isolated machine or under a separate user account.
3) Verify the gateway command authorization (ensure commands.allowFrom is correctly configured so only authorized users can run /cli-*).
4) If you don’t want automated notifications or token refreshes, look for config flags to disable them, or remove/disable those modules.
5) Test in a non-production environment first and audit the network and file I/O (proxy port, created files, and any outgoing connections).
No VirusTotal findings for this skill version.
No visible risk-analysis findings were reported for this release.