Clawned - Protect your OpenClaw Instance and Scan Skills

This skill mostly implements a legitimate scanning/metadata-syncing agent, but there are important mismatches and privacy implications you should consider before installing: - Do not put your CLAWNED_API_KEY into ~/.openclaw/openclaw.json just because the SKILL.md example shows it. The shipped agent reads the API key from the environment (CLAWNED_API_KEY). Storing secrets in openclaw.json may expose them to other local processes or backups. - The agent does load ~/.openclaw/openclaw.json to find extraDirs. That is reasonable for discovering skill locations, but be aware that openclaw.json often contains other service API keys or tokens — keep secrets out of that file or audit its contents first. - 'sync' only sends metadata according to the SKILL.md and agent code, but 'scan --path' will read and upload file contents from a skill directory (explicit user action). Before running a scan, review which files will be collected (SCANNABLE_EXTS and limits: up to 30 files, 512KB each) so you don't inadvertently upload sensitive files. .env files are intentionally skipped by the agent, but secrets embedded in other files (JSON, YAML, .py, etc.) would be included. - Verify you trust the remote server (CLAWNED_SERVER / api.clawned.io) before supplying an API key. If you have a private Clawned deployment, set CLAWNED_SERVER to your trusted endpoint. - If you want to be cautious: run the agent manually in an isolated environment first (or with a read-only mount of skill directories), inspect the code, and avoid enabling automated cron syncs until you are comfortable with what is being sent. - The primary concrete inconsistencies to resolve with the publisher are: (1) whether the agent expects the API key in env vs openclaw.json, and (2) the SKILL.md statement that config files contain no credentials (which is not guaranteed). If the publisher can't clarify these, treat the skill as higher-risk.