v1.0.0

OpenClaw Configuration Management Best Practices

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:32 AM.

Analysis

This is a coherent OpenClaw configuration guide, but it asks the agent to read and patch the full configuration, which can contain tokens and persistent agent/channel settings, without clear redaction or approval boundaries.

Guidance: Review this skill before installing. It appears to be a legitimate configuration guide rather than malware, but use it only for explicit OpenClaw configuration tasks. Require the agent to show the exact patch, obtain your approval, avoid revealing live tokens, and keep a backup or rollback plan before changing persistent settings.

Findings (3)

This is an artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Before every configuration change, run in this order: ... gateway config.get ... gateway config.patch ... after the change, verify with gateway config.get

The skill tells the agent to use a broad configuration patch command as its normal workflow. While this is aligned with the skill's purpose, it does not require user confirmation of the exact diff, a backup, a rollback plan, or limits on which OpenClaw settings may be changed.

User impact: If followed too freely, the agent could persistently change OpenClaw behavior or integrations in ways the user did not fully review.
Recommendation: Before any patch, show the exact proposed JSON change, explain its impact, ask for explicit approval, and keep a backup or rollback plan.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
references/common-paths.md
"apiKey": "sk-..." ... "token": "YOUR_BOT_TOKEN" ... "token": "YOUR_GATEWAY_TOKEN"

The reference paths include provider API keys, bot tokens, and gateway tokens. This is expected when configuring providers and channels, but users should recognize that these credentials grant access to external accounts or gateway functions.

User impact: Live tokens entered into the configuration may let OpenClaw access model providers, messaging channels, or gateway functions.
Recommendation: Use least-privilege tokens, avoid pasting secrets unless necessary, and rotate any token that may have been exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`gateway config.get` | View the current complete configuration

The guide instructs the agent to view the complete current configuration. The included reference shows that the configuration can contain API keys and tokens, but the skill does not instruct the agent to redact secrets or to limit what is brought into the conversation context.

User impact: Secrets from the OpenClaw configuration could be exposed in tool output, chat context, logs, or later agent reasoning.
Recommendation: Prefer scoped config reads where possible, redact tokens before displaying or summarizing the configuration, and avoid storing secret values in memory or notes.
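The following Python helper is an added example, not ClawScan's or OpenClaw's code, and it never calls the gateway. It implements the recommendations of the first and third findings together: it masks secret-looking keys such as apiKey and token before anything is displayed, turns a proposed patch into a reviewable diff the user can approve, and produces a rollback patch to keep as the backup. The sample configuration and patch are constructed, the key paths in them are illustrative rather than real OpenClaw configuration paths, and the merge semantics (JSON Merge Patch, RFC 7386) are an assumption about how gateway config.patch behaves that should be checked against the real command.

```python
"""Added example: gate a config patch behind a redacted, reviewable diff and
keep a rollback patch. Not ClawScan's or OpenClaw's code; it never calls the
gateway. Sample config, patch and key paths below are constructed."""
import copy
import json
import re

# The skill's reference shows "apiKey" and "token" holding credentials.
# Assumption: any key containing one of these substrings is a secret.
SECRET_KEY = re.compile(r"apikey|api_key|token|secret|password", re.IGNORECASE)
ABSENT = object()  # sentinel: key not present on this side of the diff


def redact(node, key=""):
    """Deep copy of a config subtree with secret-looking string leaves replaced
    by a marker that keeps only the length (set vs. unset stays visible)."""
    if isinstance(node, dict):
        return {k: redact(v, k) for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v, key) for v in node]
    if isinstance(node, str) and SECRET_KEY.search(key):
        return f"<redacted:{len(node)} chars>"
    return node


def apply_merge_patch(target, patch):
    """JSON Merge Patch (RFC 7386): objects merge recursively, null deletes,
    anything else replaces. Assumed semantics for gateway config.patch."""
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)
    result = copy.deepcopy(target) if isinstance(target, dict) else {}
    for k, v in patch.items():
        if v is None:
            result.pop(k, None)
        else:
            result[k] = apply_merge_patch(result.get(k), v)
    return result


def diff(old, new, path=""):
    """Leaf-level changes as (dotted path, old, new); ABSENT marks a missing side."""
    if isinstance(old, dict) and isinstance(new, dict):
        changes = []
        for k in sorted(set(old) | set(new)):
            sub = f"{path}.{k}" if path else k
            changes.extend(diff(old.get(k, ABSENT), new.get(k, ABSENT), sub))
        return changes
    return [] if old == new else [(path, old, new)]


def rollback_patch(current, patch):
    """Merge patch that restores `current` after `patch` has been applied.
    It contains live secrets: store it as the backup, never paste it into chat."""
    rollback = {}
    for path, old, _ in diff(current, apply_merge_patch(current, patch)):
        node = rollback
        *parents, leaf = path.split(".")  # assumes keys contain no '.'
        for p in parents:
            node = node.setdefault(p, {})
        node[leaf] = None if old is ABSENT else copy.deepcopy(old)
    return rollback


def review(current, patch):
    """Everything to show the user before asking for approval. `diff` and
    `result` are redacted; `rollback` is the unredacted backup to keep aside."""
    new = apply_merge_patch(current, patch)

    def show(value, key):
        return "<absent>" if value is ABSENT else json.dumps(redact(value, key))

    lines = []
    for path, old, val in diff(current, new):
        key = path.rsplit(".", 1)[-1]
        lines.append(f"{path}: {show(old, key)} -> {show(val, key)}")
    return {"diff": lines, "result": redact(new), "rollback": rollback_patch(current, patch)}


# Constructed sample (illustrative paths, not real OpenClaw config keys): the
# agent proposes rotating a provider key, adding a bot channel and dropping a
# default model setting.
CURRENT = {
    "models": {"providers": {"exampleProvider": {"apiKey": "sk-old-key-0123456789"}}},
    "gateway": {"token": "gw-secret-token"},
    "agents": {"defaults": {"model": "default"}},
}
PATCH = {
    "models": {"providers": {"exampleProvider": {"apiKey": "sk-new-key-9876543210"}}},
    "channels": {"exampleBot": {"token": "123456:bot-token"}},
    "agents": {"defaults": {"model": None}},
}

if __name__ == "__main__":
    r = review(CURRENT, PATCH)
    print("Proposed changes (approve before running gateway config.patch):")
    print("\n".join(r["diff"]))
    print("Resulting config (redacted):", json.dumps(r["result"], indent=2))
    # The rollback patch is written to a protected backup, not printed.
    assert apply_merge_patch(apply_merge_patch(CURRENT, PATCH), r["rollback"]) == CURRENT
```

Only the redacted diff and redacted result belong in the conversation; the rollback patch is the one object that must hold live values, so it is kept out of chat context and written to a protected backup instead. Redaction keys off key names, so a secret stored under an unusual key would slip through; extend SECRET_KEY for the key names your own configuration actually uses.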