openclaw-insight

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing it could run unreviewed code on your machine before you have confirmed what it does.

Why it was flagged

The recommended setup executes a mutable remote install script and installs a downloaded binary, while the reviewed package contains only instructions and no code or install spec to validate that behavior.

Skill content

curl -fsSL https://raw.githubusercontent.com/linsheng9731/openclaw-insight/main/install.sh | bash
...
Download the appropriate binary release

Recommendation

Inspect the installer and release artifacts first, prefer a pinned version with independently verifiable checksums, and avoid piping remote scripts directly to bash unless you trust the source.

What this means

The generated report may summarize or expose private details from your local AI assistant history.

Why it was flagged

The tool is documented as reading local OpenClaw session metadata and transcripts to generate reports; this is purpose-aligned, but those files may contain sensitive prompts, outputs, or workflow details.

Skill content

~/.openclaw/
  agents/{agentId}/
    sessions/
      sessions.json
      ...
      {sessionId}.jsonl   # Per-session conversation transcripts

Recommendation

Limit the analysis window and agent scope when possible, review generated reports before sharing them, and only run the tool if you are comfortable with it processing your local session history.