SherpaMind

Security checks across static analysis, malware telemetry, and agentic risk

Overview

SherpaMind is mostly coherent for SherpaDesk analysis, but it asks the agent to open public GitHub issues without explicit user approval while also handling sensitive support data.

Install only if you are comfortable storing SherpaDesk support data and an API key under `.SherpaMind/`. Use a least-privileged token, keep the workspace private, and do not let the agent post GitHub issues or logs unless you review and approve the exact public text first.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Severity: Medium

What this means

The agent could post runtime details, environment information, or summarized logs to a public repository using the user's available tools or account.

Why it was flagged

The skill tells the agent to create or update public GitHub issues as part of normal use, but it does not clearly require the user to approve the external post first.

Skill content

If a running OpenClaw instance encounters a runtime problem, installation problem, documentation gap, bug, unexpected API behavior, or meaningful feature request while using SherpaMind, it should report that back to the project repository ... if no matching issue exists, open a new issue

Recommendation

Require explicit user confirmation before opening or commenting on GitHub issues, and show the exact redacted issue text to the user before posting.

ASI03: Identity and Privilege Abuse
Severity: Low

What this means

Anyone or any process that can read the workspace secret file may be able to use the SherpaDesk API key.

Why it was flagged

The skill needs SherpaDesk credentials for its stated purpose and discloses local credential storage, but this is still account-level access that users should handle carefully.

Skill content

store the SherpaDesk API key locally in `.SherpaMind/private/secrets/sherpadesk_api_key.txt`

Recommendation

Use the least-privileged SherpaDesk token available, protect the `.SherpaMind/private/secrets/` directory, and rotate the key if the workspace is exposed.

ASI06: Memory and Context Poisoning
Severity: Medium

What this means

Sensitive support history may be copied into local databases, generated documents, and search/vector artifacts under the workspace.

Why it was flagged

The skill locally stores and indexes SherpaDesk support history for retrieval and later reuse. This is purpose-aligned, but the dataset may contain private customer, account, and ticket information.

Skill content

It keeps canonical SherpaDesk data in SQLite, derives rebuildable retrieval artifacts from that data ... and exposes a CLI for sync, observability, analysis, and search.

Recommendation

Keep `.SherpaMind/` out of source control and shared folders, restrict file permissions, and review generated public docs before sharing the workspace.

ASI10: Rogue Agents
Severity: Low

What this means

If installed, SherpaMind may continue calling SherpaDesk and updating local artifacts when OpenClaw is not actively being used.

Why it was flagged

The skill can persist as a local background service, but the documentation describes it as optional and user-scoped.

Skill content

optionally install and run a **user-level** `systemd` background service for ongoing sync/enrichment

Recommendation

Install the service only if unattended sync is desired, and use the documented stop/uninstall service commands when background operation is no longer wanted.

ASI04: Agentic Supply Chain Vulnerabilities
Severity: Low

What this means

A future dependency resolution could install newer package versions than the author tested.

Why it was flagged

The Python dependencies use lower-bound version ranges, and the README says bootstrap can install packages from PyPI. This is normal for a Python backend, but dependency versions are not locked in the supplied artifacts.

Skill content

"httpx>=0.27.0", "pydantic>=2.8.0", "python-dateutil>=2.9.0", "tenacity>=8.3.0", "typer>=0.12.3", "rich>=13.7.1"

Recommendation

Install inside the documented local venv, review dependency sources, and consider pinning or locking dependencies for production use.