Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ohmyopenclaw
v1.0.0
AI-native configuration and setup guides for OpenClaw
by Z.Y. Ma (@maxzyma)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name and description claim configuration/setup guides for OpenClaw and the included markdown files do provide such guides (agent-swarm, memory, monitoring, provider configuration, cost). That capability justifies most of the changes the guides suggest (editing openclaw.json, creating workspace files, enabling heartbeats/cron jobs). However, some suggested actions (scanning /var/log, checking GitHub issues, configuring external webhooks) expand the skill's reach beyond purely local config guidance; these actions are plausible for a monitoring/automation guide but should have been declared explicitly in metadata (no required env/config paths were declared).
Instruction Scope
The SKILL.md instructs the AI to execute configuration changes, create cron jobs, scan system logs (/var/log/myapp), scan code and GitHub issues, spawn agents, and update local state under ~/.openclaw. Those are powerful operations that can touch system logs and external endpoints. The guide also tells users to run remote installer commands (curl | bash and PowerShell iex). The instructions do not declare or surface exactly what network callbacks/webhooks will be used; some examples include external endpoints (hooks.slack.com, api.example.com) which could be used for notifications or, if misconfigured, exfiltration.
Install Mechanism
There is no formal install spec in the registry, but the SKILL.md provides explicit install commands that pipe remote content into a shell: 'curl -fsSL https://get.ohmyopenclaw.dev | bash' and PowerShell 'irm https://get.ohmyopenclaw.dev/install.ps1 | iex'. The domain get.ohmyopenclaw.dev is not a well-known release host; installing arbitrary scripts from an unknown host is high risk because it executes remote code without review.
Credentials
Registry metadata lists no required environment variables, yet the Chinese providers guide and other docs instruct users to create ~/.openclaw/.env with many API keys (QWEN_API_KEY, ZHIPU_API_KEY, ERNIE_API_KEY/SECRET, DEEPSEEK_API_KEY, optional ANTHROPIC_API_KEY, etc.). The skill thus expects sensitive credentials to be provided and stored, but the metadata does not declare these requirements. That mismatch is an incoherence and increases risk: the agent may request secrets at runtime that were not signaled at install time. The guides also suggest adding webhook URLs and potentially storing those in config files.
Persistence & Privilege
The skill is not marked 'always: true' and model invocation is allowed (the default). It asks the AI to create cron jobs, heartbeat actions, and persistent files under ~/.openclaw (tasks, memory, monitoring). Those are reasonable for a configuration/monitoring skill, but they give the skill ongoing presence (periodic scans and automatic agent spawning) if the agent applies the guides. Because autonomous invocation is allowed by default, that combination amplifies risk if the skill or its installer is malicious — this is worth consideration but is not flagged as a metadata privilege misconfiguration.
What to consider before installing
Before installing or allowing this skill to run automatically:
- Do not run the provided 'curl | bash' or PowerShell 'iex' installer without auditing the remote script; prefer a vetted release (GitHub release tarball, signed binary, or manual inspection). The domain used by the installer (get.ohmyopenclaw.dev) is not a known trusted host.
- Review the repository and installer script contents (or ask the author for a release tarball) so you know exactly what will be written and executed on your machine.
- Expect the guides to request many API keys and to modify local config files under ~/.openclaw; only provide credentials you trust and store them securely (do not paste secrets into chat).
- Be cautious about enabling cron jobs/heartbeats and webhooks: they cause periodic scanning and external callbacks. Inspect any webhook endpoints and restrict network access (use firewall rules, vetted endpoints).
- The monitoring guide instructs scanning /var/log/myapp and GitHub issues; if you enable those, ensure the agent has only the minimum required file access and that sensitive logs are not exposed.
- If you want to proceed, consider: (1) manually applying guide steps instead of granting autonomous execution; (2) running the installer in an isolated environment or container; (3) backing up existing openclaw.json and workspace files so you can revert changes; (4) limiting the skill's access to credentials and network at the OS or container level.
Reason for rating: the skill is generally coherent with its stated purpose but includes high-risk installer commands, undocumented secret requirements, and instructions that allow system-level scanning and network callbacks — together these are suspicious and warrant manual review before trusting automatic installation or autonomous operation.
Like a lobster shell, security has layers — review code before you run it.
