OpenClaw Docs Search + Config Patterns
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent offline OpenClaw documentation/config helper, but it installs a SQLite dependency and includes powerful config and automation examples that users should apply deliberately.
This skill looks safe for its intended purpose: local OpenClaw documentation search and config guidance. Before installing, expect a Node/npm SQLite dependency and a local docs index under ~/.openclaw. Treat any config.patch, cron, heartbeat, channel, or binding examples as changes that require your review because they can affect agent behavior, costs, and notifications.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installation may run local Node/npm setup and build a SQLite index on the machine.
The skill installs an npm SQLite dependency and runs a local index build. This matches its offline FTS search purpose, but users should notice that it is not purely static documentation.
install: ... kind: "npm" ... package: "better-sqlite3" ... postInstall: "node scripts/docs-index.js rebuild"
Install only if you are comfortable with the npm dependency and local post-install indexing step.
Following the examples can change which agents respond, which channels are enabled, and how the gateway behaves.
The reference material teaches commands that mutate OpenClaw gateway configuration. This is purpose-aligned and presented with safer patch/verification guidance, but config changes can affect agent routing and behavior.
openclaw gateway config.patch --raw "$(cat patch.json)" --note "Descriptive note"
Review generated patches before applying them, prefer scoped config.patch operations, and keep backups for rollback.
A configured heartbeat or cron job may cause agents to wake up, read workspace instructions, spend tokens, and potentially send notifications on a schedule.
The skill includes patterns for periodic heartbeat activity and persistent workspace-driven instructions. These examples are disclosed and bounded, but they can create recurring autonomous agent actions if adopted.
"heartbeat": { "enabled": true, "intervalMinutes": 30, ... "prompt": "Read HEARTBEAT.md if it exists (workspace context). Follow it strictly." }Enable recurring automation only intentionally, use active-hour/timezone limits, and keep HEARTBEAT.md or similar instruction files trusted and reviewed.