0G Compute

Pass. Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for setting up 0G Compute providers, but users should notice that it installs an external CLI and handles wallet keys, funds, and third-party model routing.

Before installing, verify the npm CLI package, use a dedicated wallet with limited funds, protect the stored private-key config file, manually approve all fund-moving commands, and only route sensitive prompts to 0G providers you have verified and trust.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill's required CLI means trusting the external npm package that provides wallet and provider operations.

Why it was flagged

The skill depends on a globally installed external npm package to provide the 0g-compute-cli binary; this is expected for the integration, but the package contents and version are not included in the skill artifacts.

Skill content

npm i -g @0glabs/0g-serving-broker

Recommendation

Install only from a trusted npm registry, verify the package publisher/version, and consider pinning or auditing the package before using it with real funds.

What this means

Anyone who can read the stored private key may be able to access the wallet or funds associated with the 0G account.

Why it was flagged

The skill discloses that the 0G wallet private key is used for login and persisted by the CLI, which is powerful credential access but directly related to the stated wallet/provider workflow.

Skill content

0g-compute-cli login --private-key "$OG_PK" ... Private key stored in `~/.0g-compute-cli/config.json` — never expose this file

Recommendation

Use a dedicated low-balance wallet, protect file permissions on ~/.0g-compute-cli/config.json, avoid placing private keys in shell history, and do not share config files or logs containing secrets.

What this means

If run with the wrong provider, network, or amount, these commands could move funds in an unintended way or make them unavailable for inference.

Why it was flagged

The documented CLI workflows include moving on-chain balances between the wallet, main account, and provider sub-accounts. These commands are purpose-aligned but financially impactful.

Skill content

0g-compute-cli deposit --amount <0G> ... transfer-fund --provider <addr> --amount <0G> ... retrieve-fund ... refund --amount <0G>

Recommendation

Require explicit user confirmation for any deposit, transfer, retrieve, or refund command, and verify provider address, network, amount, and balance before execution.

What this means

Prompts or files sent to the configured model may be processed by the selected 0G provider rather than a local model or previous provider.

Why it was flagged

Configuring a 0G provider makes OpenClaw send model requests to an external provider endpoint. This is the intended integration, but it changes where prompts and model inputs are processed.

Skill content

"baseUrl": "https://provider-url.example.com/v1/proxy", "apiKey": "<your-api-secret>", "api": "openai-completions"

Recommendation

Use verified providers, avoid sending highly sensitive data unless the provider and TEE verification are trusted, and keep provider API secrets out of shared configs.