ohmyopenclaw
Warn. Audited by ClawScan on May 10, 2026.
Overview
This is a setup-guide skill, but some guides enable persistent autonomous monitoring and worker agents, so users should review those settings before applying them.
Install only if you want OpenClaw configuration guides and review each guide before applying it. Be especially careful with the monitor and agent-swarm guides: disable autoSpawn/cron unless you want unattended agents, restrict scan paths, require approval before changes, and protect API keys and memory files.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
OpenClaw may continue scanning, creating tasks, spawning workers, and consuming model/API resources without a fresh prompt for each action.
The guide configures persistent scheduled monitoring and automatic agent spawning, which can keep operating after the initial setup.
"heartbeat": { "enabled": true ... }, "cron": { "enabled": true ... }, "monitoring": { "enabled": true, "autoSpawn": true ... }
Only enable cron/heartbeat/autoSpawn if you want unattended automation; otherwise set autoSpawn and cron to false, define a stop/rollback plan, and require user approval before worker execution.
A broad or mistaken scan could lead the agent to inspect sensitive logs, create work items, retry tasks, or modify project files unexpectedly.
The guide authorizes reading application logs and source code and enables automatic recovery behavior, but it does not clearly bound approval requirements for resulting changes.
"scan-error-logs" ... "logPath": "/var/log/myapp" ... "discover-todos" ... "path": "./src" ... "autoRecover": true
Use explicit allowed paths, start in dry-run/report-only mode, and require confirmation before code edits, retries, deployments, notifications, or other state-changing actions.
If a user runs those commands, they are trusting remote code that this review cannot inspect.
The documentation recommends downloading and immediately executing remote installer scripts that are not included in the reviewed skill artifacts.
curl -fsSL https://get.ohmyopenclaw.dev | bash ... irm https://get.ohmyopenclaw.dev/install.ps1 | iex
Inspect the installer first, verify the domain and repository, and prefer a signed or package-manager installation path when available.
Configured providers can incur costs and the keys could be exposed if the .env file is copied or committed.
The provider guide stores AI-provider credentials in a local environment file; this is expected for provider configuration but still grants account/API access.
Create `~/.openclaw/.env`: ... QWEN_API_KEY=... ZHIPU_API_KEY=... ERNIE_SECRET_KEY=... DEEPSEEK_API_KEY=...
Use least-privilege keys where possible, keep ~/.openclaw/.env out of version control, rotate keys if exposed, and configure only providers you intend to use.
Sensitive or incorrect information saved in MEMORY.md or .memory could be retrieved later and influence future agent behavior.
The memory guide enables persistent searchable memory under .memory; it is scoped and purpose-aligned, but stored memories can be reused across sessions.
"memorySearch": { "enabled": true, "indexDirectory": ".memory", "embeddingModel": "text-embedding-3-small", "topK": 5 }
Review memory files regularly, avoid storing secrets, and clear or correct stale/poisoned entries before relying on memory search.
Logs, task summaries, or error details may be sent to third-party channels if the user configures them.
The monitoring guide supports external notification channels and webhooks; these are placeholders/user-configured, but they can transmit task or error details outside the local workspace.
"channels": ["discord", "email"] ... "onError": "https://hooks.slack.com/services/YOUR/WEBHOOK"
Use only trusted webhook URLs and notification channels, redact sensitive logs, and avoid sending secrets or private code details in alerts.
