OpenClaw Helper

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the wrong command, IP, or configuration value could break the OpenClaw deployment or restart the wrong service.

Why it was flagged

The skill documents root SSH commands that modify OpenClaw configuration and restart a service. This is coherent with deployment troubleshooting, but mistakes could affect a remote server.

Skill content

ssh root@<IP> '... openclaw config set "models.providers.<名称>" ...' ; ssh root@<IP> 'systemctl --user restart openclaw-gateway.service'

Recommendation

Verify the target server, command contents, and configuration values before running any SSH command.

What this means

If these credentials are pasted into the wrong place, logged, or shared, someone else may be able to use the model provider or Feishu app.

Why it was flagged

The instructions require model provider API keys and Feishu application secrets. These credentials are expected for the stated integrations, but they are sensitive.

Skill content

"apiKey": "<API_Key>" ... "appId": "<App_ID>", "appSecret": "<App_Secret>"

Recommendation

Use least-privilege credentials where possible, avoid sharing logs containing secrets, and rotate keys if they are exposed.

What this means

Users may rely on deployment commands without an obvious upstream source to verify them.

Why it was flagged

The skill has limited provenance information. Because it is instruction-only, this is not by itself suspicious, but the commands should be compared against trusted OpenClaw documentation before use.

Skill content

Source: unknown; Homepage: none

Recommendation

Cross-check the suggested commands and configuration keys with official OpenClaw and Feishu documentation.