ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Approve Pairing

v2.0.0

Approve a pending DM pairing request without the openclaw CLI, by directly editing credential files. Use when `openclaw pairing approve` is unavailable (CLI...

0· 885·0 current·0 all-time
by@madan-wego
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The Python script reads and writes the same ~/.openclaw/credentials files the SKILL.md describes and implements the described approve-by-editing workflow. No unrelated binaries, services, or credentials are requested.
Instruction Scope
Instructions are narrowly scoped to reading and updating pairing/allowlist JSON files. Minor inconsistencies between SKILL.md and the script: SKILL.md says a missing/empty accountId should map to '<channel>-default-allowFrom.json', while the script uses '<channel>-allowFrom.json' for an absent accountId. SKILL.md also does not document the optional OPENCLAW_CREDENTIALS_DIR environment variable the script supports.
Install Mechanism
No install spec is present (instruction-only skill with one included script). Nothing is downloaded or installed; the risk surface is limited to running the provided local script.
Credentials
The skill requests no credentials and does not call external endpoints. It does read an optional OPENCLAW_CREDENTIALS_DIR env var (not declared in the SKILL.md). This is reasonable but should be noted because it can change which files are modified.
Persistence & Privilege
The skill is not always-on, does not request elevated platform privileges, and does not modify other skills or global agent configuration. Its effect is limited to filesystem edits in the credentials directory.
Assessment
This skill directly edits your OpenClaw credential files to approve a sender. That is the intended behavior, but it's powerful: only run the script locally on a machine you trust and after verifying the pairing code and sender ID. Before running, (1) inspect the script (it's included) to confirm it will target the correct credentials directory; (2) back up ~/.openclaw/credentials; (3) be aware of the documentation mismatch — the script uses '<channel>-allowFrom.json' for empty accountId whereas the SKILL.md mentions '<channel>-default-allowFrom.json'; and (4) note the script respects OPENCLAW_CREDENTIALS_DIR if set (SKILL.md doesn't mention this). Prefer the official 'openclaw pairing approve' CLI when available; use this only when you understand and accept the filesystem changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk975n92jkb92cgfabk9nq0b2e581pfnc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments