Approve Pairing

Audited by ClawScan on May 10, 2026.

Overview

This skill does what it says, but it directly changes OpenClaw credential allowlists and has weak safeguards around file paths and sensitive pairing codes.

Review carefully before installing. Only use this for pairing requests you personally recognize, because it bypasses the normal CLI approval path and persistently edits OpenClaw credential files. Avoid running it with untrusted channel names or codes, and be aware that failed attempts may reveal pending pairing codes in the transcript or logs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A sender can be added to the OpenClaw DM allowlist, potentially allowing that sender to interact with the user's agent through a messaging channel.

Why it was flagged

The skill intentionally grants DM pairing access by modifying credential/allowlist files directly, which is high-impact delegated access even though it is disclosed.

Skill content
Approve pending DM pairing requests by writing directly to OpenClaw credential files — no CLI required.
Recommendation

Use only for a pairing request the user explicitly recognizes and approves. The skill should declare the credential path it needs, require confirmation before mutation, and document how to reverse an approval.

What this means

If invoked with unexpected channel or accountId values, the script could read or write unintended JSON files rather than only the intended OpenClaw pairing files.

Why it was flagged

The script documents supported channels but does not enforce a channel whitelist or sanitize path components before using them in read/write paths.

Skill content
channel_arg = sys.argv[1].lower().strip()
pairing_path = creds / f"{channel}-pairing.json"
allow_path = creds / f"{channel}-{account_id}-allowFrom.json"
Recommendation

Enforce the listed channel whitelist, reject path separators and absolute paths in channel/accountId values, and verify resolved paths remain inside the intended credentials directory.

What this means

Pending pairing codes could be revealed to anyone who can see the transcript or logs, making it easier to approve an unintended pairing while the codes are valid.

Why it was flagged

On a failed match, the script prints all pending pairing codes from the credential file, which can expose sensitive approval codes into logs or the agent conversation context.

Skill content
print(f"Pending codes: {[r.get('code') for r in requests]}")
Recommendation

Do not print full pending codes by default. Show only a count or masked values, and require explicit user confirmation before displaying sensitive pairing details.
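The two recommendations above (whitelist and path containment for the channel/accountId values, and masked pending codes instead of the flagged print) written out as hardened Python. This is an added example, not the skill's own code; the channel list, the credentials directory and the accountId character set are assumptions.

```python
import re
from pathlib import Path

# Assumed channel list for this example; the audited skill documents its own.
ALLOWED_CHANNELS = {"telegram", "discord", "slack"}
# accountId must be a plain token: no separators, no dot segments, no absolute paths.
_SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")


def resolve_pairing_paths(creds_dir, channel, account_id):
    """Build the pairing and allowFrom paths, raising ValueError on unsafe input."""
    channel = channel.lower().strip()
    if channel not in ALLOWED_CHANNELS:
        raise ValueError(f"unsupported channel: {channel!r}")
    if not _SAFE_ID.fullmatch(account_id):
        raise ValueError("accountId contains disallowed characters")
    creds = Path(creds_dir).resolve()
    pairing = (creds / f"{channel}-pairing.json").resolve()
    allow = (creds / f"{channel}-{account_id}-allowFrom.json").resolve()
    # Defense in depth: both files must sit directly inside the credentials directory.
    for p in (pairing, allow):
        if p.parent != creds:
            raise ValueError(f"path escapes credentials directory: {p}")
    return pairing, allow


def pairing_args_error(creds_dir, channel, account_id):
    """Return the rejection reason for unsafe arguments, or None if they are accepted."""
    try:
        resolve_pairing_paths(creds_dir, channel, account_id)
    except ValueError as exc:
        return str(exc)
    return None


def mask_code(code):
    """Keep two leading characters of longer codes so a user can recognise one without exposing it."""
    code = str(code)
    return code[:2] + "*" * (len(code) - 2) if len(code) > 4 else "*" * len(code)


def pending_summary(requests, reveal=False):
    """Replacement for the flagged print: a count plus masked codes unless reveal=True."""
    codes = [str(r.get("code", "")) for r in requests]
    if reveal:  # only after the user has explicitly confirmed they want the full codes
        return f"Pending codes: {codes}"
    return f"{len(codes)} pending request(s), masked: {[mask_code(c) for c in codes]}"
```

The `requests` list passed to `pending_summary` has the same shape the skill reads from its pairing file (dicts carrying a `code` key); the sample values used in testing are constructed.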