OpenClaw Agent Control Skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is purpose-aligned, but it runs unpinned remote code and starts long-running web services, including a backend bound to all network interfaces.

Review the remote repository before running this skill, consider pinning it to a trusted release, change PROJECT_DIR to a non-root location, and bind the backend to localhost unless you intentionally want network access.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill can execute whatever code is currently on the remote main branch and any dependencies or package scripts it installs.

Why it was flagged

The script pulls the latest remote repository code and immediately runs Python and npm workflows from it, without a pinned commit, checksum, lockfile review, or provenance validation in the provided artifacts.

Skill content

git clone "$REPO_URL" "$PROJECT_DIR" ... git -C "$PROJECT_DIR" pull --ff-only origin main ... uv run ... --app-dir "$PROJECT_DIR" ... npm install

Recommendation

Pin the repository to a reviewed commit or release, document the exact runtime dependencies, and review the cloned project before running backend or npm commands.

What this means

The backend service may be reachable from other machines on the network if firewall rules allow it, increasing exposure of the control interface.

Why it was flagged

Binding the backend to 0.0.0.0 exposes it on all network interfaces, while the skill documentation only directs users to localhost URLs for validation.

Skill content

python -m uvicorn app:app --app-dir "$PROJECT_DIR" --host 0.0.0.0 --port "$MONITOR_PORT"

Recommendation

Bind to 127.0.0.1 by default unless remote access is explicitly needed, document the exposure clearly, and require users to configure authentication and firewall rules before network exposure.

What this means

Running the deployment as root would give the cloned project and its npm/Python commands higher local privileges than necessary.

Why it was flagged

The default install location is under /root, which may require or encourage elevated privileges for a deployment that could otherwise run from a user-scoped directory.

Skill content

PROJECT_DIR="${PROJECT_DIR:-/root/OpenClaw-Agent-Control}"

Recommendation

Use a non-root PROJECT_DIR and run the service under a dedicated low-privilege account where possible.

What this means

Backend and frontend processes may remain active until manually stopped, consuming resources and keeping network services available.

Why it was flagged

The deployment starts background or production-style services that may continue running after the setup command finishes, with no stop or cleanup instructions in the provided artifacts.

Skill content

nohup uv run ... > /tmp/openclaw-agent-control-backend.log 2>&1 & ... PORT="$PORT" npm run prod:restart

Recommendation

Document how to stop, restart, and uninstall the services, and prefer a managed service configuration with clear lifecycle controls.