OpenClaw Docs
AdvisoryAudited by Static analysis on May 2, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If directed to a non-OpenClaw URL, the skill could fetch and print content from another HTTP endpoint instead of only the intended documentation site.
The fetch helper accepts full http(s) URLs and downloads them. This is useful for docs URLs, but it is not domain-restricted in code.
if [[ "$input" =~ ^https?:// ]]; then ... curl -fsSL "$url" -o "$tmp"
Use this skill only with docs.openclaw.ai paths or URLs, and consider adding a domain allowlist if publishing a stricter version.
Users cannot easily compare this package against an official upstream repository or homepage before installing.
The registry metadata does not provide an upstream source or homepage, so users have less provenance context even though the included scripts are present for review.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Prefer a version with a clear source repository/homepage, or review the included scripts before use.