Crabwalk
Warn
Audited by ClawScan on May 10, 2026.
Overview
Crabwalk appears related to monitoring, but it asks to install an unreviewed latest-release binary, use the local OpenClaw gateway token, and expose agent/workspace data over the network without clear access controls.
Review carefully before installing. Only proceed if you trust the Crabwalk release source, understand that it may read your OpenClaw gateway token, and can restrict who can access the monitor URL. Prefer running it locally or behind trusted access controls, and stop any daemon when finished.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may run software that was not analyzed in the submitted artifact, and the exact installed version can change over time.
The install flow fetches the latest release at runtime and installs a downloaded executable, while the registry package contains no code or install spec for review. This creates a provenance and version-pinning gap: the reviewer cannot tie the artifact to a specific, verifiable release.
curl -s https://api.github.com/repos/luccast/crabwalk/releases/latest ... curl -sL ... | tar -xz -C ~/.crabwalk && cp ~/.crabwalk/bin/crabwalk ~/.local/bin/ && chmod +x
Only run the install after explicit user approval. Prefer a pinned release with checksums or signatures, a declared install spec, and source/release provenance that users can verify.
The monitor could gain access to the user's OpenClaw gateway session and agent activity through local credentials.
The skill uses a local OpenClaw gateway token, but the registry metadata declares no primary credential or required config path. The artifact does not clearly bound what the token permits, where it is sent, or how it is protected.
-t, --token <token> Gateway auth token (auto-detects from ~/.openclaw/openclaw.json)
Declare the credential/config dependency, require explicit user consent before reading the token, document exactly what is accessed, and use the least-privileged token possible.
Agent activity and local workspace files could be visible to other people or devices on the network if the service lacks strong access controls.
The skill encourages sharing a network-accessible HTTP monitor and advertises a workspace file browser, but the artifact does not describe authentication, authorization, or path limits.
Share the `http://192.x.x.x:3000` (network IP) link with your human, not localhost ... `/workspace` — File browser and markdown viewer
Bind to localhost by default, require authentication for remote access, clearly limit what workspace paths are exposed, and only share the URL on trusted networks.
A background monitor may continue running and serving data until stopped.
The background server mode is disclosed and includes a stop command, but it means the monitor can persist beyond the initial terminal session.
crabwalk start --daemon # Run in background
crabwalk stop # Stop background server
Use daemon mode only when intended, check `crabwalk status`, and stop the service when monitoring is no longer needed.
