Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Assistant Configurator

v1.0.0

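Manage and optimize OpenClaw configuration, including model selection, skill management, tool configuration, and system tuning. Use case: use this skill when you need to adjust the AI assistant's behavior, optimize performance, add new features, or resolve configuration problems.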

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (assistant configuration, model selection, skill/tool management) align with the SKILL.md content. All examples and commands (gateway, config.patch, session_status, openclaw CLI) are relevant to managing OpenClaw configuration and behaviors.
Instruction Scope
The SKILL.md instructs the agent to read/modify system configuration and to view logs (e.g., gateway actions, openclaw status, tail -f ~/.openclaw/logs/openclaw.log). This is within scope for a configurator, but it assumes the runtime has the OpenClaw CLI/gateway API and sufficient permissions to read logs, patch configs, and restart services — verify those preconditions in your environment before use.
Install Mechanism
Instruction-only skill with no install spec or bundled code — lowest installation risk. Nothing will be downloaded or written to disk by an installer.
Credentials
The skill declares no required environment variables, but the instructions reference API keys and secrets (BRAVE_API_KEY, Telegram botToken, other channel keys) and demonstrate writing those into configuration. This is coherent (a configurator may need service keys), but the skill does not declare those variables up-front — be aware it will ask you to provide/store service credentials when configuring integrations.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously by the agent (platform default). The skill does not request persistent/automatic inclusion or modify other skills' configs beyond using gateway config.patch calls (which is expected for a configurator).
Assessment
This skill appears to do what it says: it gives commands and examples for changing OpenClaw's config, switching models, adding channels, and restarting services. Before using it:
1) Verify the skill source/trustworthiness (homepage unknown).
2) Back up your OpenClaw config as recommended.
3) Ensure the runtime has the openclaw CLI/gateway API and permissions to read logs and restart services.
4) Be cautious when entering API keys or bot tokens — store them securely and prefer environment-managed secrets rather than plain text in configs.
5) Test changes in a staging environment where possible.
If you want tighter control, disable autonomous invocation for agents that will use this skill or require explicit user confirmation before applying config.patch/restart actions.

Like a lobster shell, security has layers — review code before you run it.

latestvk970k0k20gyvf2skss66vfedj9841fhz
