ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Helper

v1.0.0

OpenClaw 部署与故障排查速查表,提供9阶段部署导航、常见错误解决方案和日志关键字说明

0· 409·1 current·1 all-time
by@mwangxiang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (OpenClaw deployment & troubleshooting) align with the content of SKILL.md: staged deployment checklist, configuration commands, channel setup, restart/log commands and diagnostic tips. The instructions and examples relate directly to OpenClaw and Feishu integration; there are no unrelated requirements.
Instruction Scope
SKILL.md directs the operator to run SSH commands as root (ssh root@<IP> '...') that set config values, restart user services, and read config files (/root/.openclaw/openclaw.json). This is within scope for a deployment helper, but it does involve high-privilege remote operations and editing/storing secrets (appSecret, apiKey) in the service config. Users should not run commands blindly on production hosts and should verify commands and provenance first.
Install Mechanism
No install spec and no code files—instruction-only. This is low-risk from an installation/execution standpoint because nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The instructions do, however, show how to place API keys and app secrets into OpenClaw's configuration (channels.feishu, models.providers). That is expected for a deployment guide, but users should ensure secrets are handled securely (avoid pasting into untrusted logs or chat) and prefer least-privilege credentials.
Persistence & Privilege
The skill does not request persistent presence (always:false) nor attempt to modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Scan Findings in Context
[NO_CODE_FILES] expected: Scanner found no code files to analyze—this is expected because the skill is instruction-only. Absence of findings does not eliminate risk from following the instructions on your systems.
Assessment
This skill is a coherent OpenClaw deploy/troubleshoot checklist. Before using it: (1) Review every ssh command before executing on your servers—these run as root and modify config; (2) Never paste secrets into public or shared channels; prefer scoped, rotateable keys and limit permissions; (3) Back up configuration files before changing them and test in a staging environment if possible; (4) Verify the skill's source/trustworthiness since the repository/homepage is unknown; ask an administrator to run commands if you are not comfortable with root-level operations.

Like a lobster shell, security has layers — review code before you run it.

latestvk977h3nzwd4gng5bfy9s5nsv7181va8q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments