Skill v1.0.0
ClawScan security
Gia Openclaw Setup Guide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review, Mar 13, 2026, 3:31 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The instructions match a legitimate OpenClaw onboarding purpose, but they ask you to run a remote install script and install a daemon without providing provenance (homepage/source), which is risky — review before running.
- Guidance: This guide appears internally consistent with an OpenClaw setup, but exercise caution before running the recommended install steps. Specifically:
  - (1) Do not blindly run curl <remote-script> | bash — instead fetch the install.sh, inspect its contents, and verify its source (repository, release page, GPG checksum) or prefer an official package manager or documented release.
  - (2) Installing a daemon and setting cron jobs gives persistent background access — review what the daemon installs, which files it writes (e.g., ~/.openclaw), and what network endpoints it contacts.
  - (3) Limit bot tokens and use dedicated accounts with minimal permissions; don't reuse high-privilege credentials.
  - (4) If unsure, run the installer in an isolated environment (VM/container) or request the install script/repo URL and a checksum so you can audit it.
  Providing the install.sh contents, a repository/homepage, or an official release URL would increase confidence.
Review Dimensions
- Purpose & Capability (ok): The skill's name, description, and runtime instructions align: it guides installing OpenClaw, connecting messaging channels, configuring skills, and setting up workflows. Required actions such as providing channel bot tokens and creating identity files are coherent with the stated purpose.
- Instruction Scope (note): Instructions stay within setup/installation scope and do not ask for unrelated secrets or system reads. However, the SKILL.md directly instructs running system-altering commands (curl|bash installer, sudo chown, installing a daemon, creating cron jobs), so the agent would be guided to perform privileged, persistent changes to the host.
- Install Mechanism (concern): The guide tells the user to run curl -fsSL https://openclaw.ai/install.sh | bash. Piping an opaque remote script to a shell is a high-risk pattern because it executes code fetched at runtime without review. The domain appears to match the product name, but the skill provides no repository, release URL, or homepage to verify the script's contents or integrity.
- Credentials (ok): The skill does not request unrelated environment variables or credentials. It expects users to provide channel-specific bot tokens when connecting Telegram/Discord/Slack, which is appropriate for the stated functionality.
- Persistence & Privilege (note): The guide instructs installing a daemon (openclaw onboard --install-daemon) and configuring cron/heartbeats, which creates long-running, persistent behavior on the host. The skill itself is not marked always:true, but following these instructions installs persistent components — users should be aware of the runtime privileges and network access those components will have.
