Don't Be Scary

Pass

Audited by VirusTotal on May 6, 2026.

Overview

Type: OpenClaw Skill
Name: dont-be-scary
Version: 1.0.0

The skill 'dont-be-scary' provides an automated update and rollback mechanism for OpenClaw on macOS. It exhibits high-risk behaviors including reading Telegram bot tokens and chat IDs from the user's 'openclaw.json' configuration, executing detached background scripts via 'nohup' to survive service restarts, and performing recursive deletions and restorations in sensitive directories like '/Applications' and '/opt/homebrew' (scripts/safe-update.sh). While these actions are aligned with the stated purpose of a 'safe update' utility, the combination of credential access, system-level file modification, and instructions for a 'rescue' AI to perform manual recovery (references/rescue-prompt.md) constitutes meaningful high-risk behavior that warrants a suspicious classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run, the skill can change or replace the local OpenClaw installation and restart the gateway.

Why it was flagged

The script can run the OpenClaw updater and, during rollback, remove and restore the OpenClaw npm package and app bundle. This is expected for the skill's purpose, but it is high-impact local mutation.

Skill content

"$OC_BIN" update --json > "/tmp/openclaw-update-${TS}.update.json" 2>&1 ... rm -rf "$NPM_DIR" ... rm -rf "$APP_DIR"

Recommendation

Use it only when you intend to update OpenClaw on the target Mac, and avoid setting path override environment variables unless you are sure they point only to the OpenClaw installation.

What this means

The skill can send Telegram messages using the configured OpenClaw Telegram bot.

Why it was flagged

The script reads a Telegram bot token from the user's OpenClaw config and uses it to send update status messages. This is disclosed and purpose-aligned, but it is credential use.

Skill content

print(cfg['channels']['telegram']['accounts']['$TG_BOT']['botToken']) ... curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage"

Recommendation

Confirm the Telegram bot and chat target are the ones you expect, and rotate the bot token if you no longer trust the local environment.

What this means

After launch, the update continues even if the current agent session ends.

Why it was flagged

The skill intentionally launches a detached background script so it can survive the gateway restart. This is disclosed and limited to the update workflow.

Skill content

nohup "<path-to-skill>/scripts/safe-update.sh" </dev/null >/dev/null 2>&1 & disown ... Do not wait for the script to finish

Recommendation

Monitor the Telegram updates or the /tmp/openclaw-update-*.log file, and stop the process manually only if you need to interrupt the update.

What this means

The skill may appear installable on unsupported systems or without prerequisites, though the script has some runtime checks.

Why it was flagged

The registry metadata does not enforce the Mac-only environment or required tools that SKILL.md describes, so compatibility checks rely on the instructions and script preflight instead of metadata.

Skill content

OS restriction: none; Required binaries (all must exist): none; Required env vars: none

Recommendation

Use only on macOS with a brew cask OpenClaw install, launchctl, python3, curl, and Telegram configured; the package metadata should ideally declare these requirements.