wanjie-openclaw-video

Things to consider before installing: - This skill will read ~/.openclaw/openclaw.json and use the apiKey it finds there to call https://maas-openapi.wanjiedata.com. If you don't want the skill to have access to that key, do not install it or inspect/modify the code to accept an explicit, limited key. - The manifest does not declare the required config path or credential, but the code uses it — ask the author to declare required config paths or change to use a named env var so you can control which key is used. - The skill can auto-install Python packages at runtime (requests) and spawns detached background Python processes. If you prefer to control installs and processes, review and run the code manually in a sandboxed environment first. - The worker opens the first URL returned by the remote service in your browser automatically. That URL may be attacker-controlled if the remote service is compromised; consider disabling automatic opening or inspect the returned URL before clicking. - SKILL.md claims a Windows scheduled task will be created; no code does that. Confirm with the author whether additional install steps are needed or whether documentation is stale. - If you decide to proceed, run the skill in an isolated environment (VM/container/user account) and audit ~/.openclaw/openclaw.json contents and permissions. Ask the developer to (a) explicitly declare required config paths/credentials in the manifest, (b) avoid automatically opening external URLs, and (c) provide a reproducible installation mechanism for any background scheduler they claim to create.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.