OpenClaw Helper
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: openclaw-helper
Version: 1.0.0
The skill instructs the AI agent to construct and execute powerful remote commands via `ssh root@<IP>` for OpenClaw deployment and troubleshooting. These commands embed user-provided values (e.g., IP addresses, API keys, app secrets, proxy URLs) directly into shell commands and JSON configuration strings. This design creates a significant risk of prompt injection and potential remote code execution (RCE) on the target server if the AI agent does not rigorously sanitize user input before substitution. While the commands serve legitimate system administration, the method of execution poses a high risk, and the skill is classified as suspicious due to the RCE vulnerability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the wrong command, IP, or configuration value could break the OpenClaw deployment or restart the wrong service.
The skill documents root SSH commands that modify OpenClaw configuration and restart a service. This is coherent with deployment troubleshooting, but mistakes could affect a remote server.
ssh root@<IP> '... openclaw config set "models.providers.<名称>" ...' ; ssh root@<IP> 'systemctl --user restart openclaw-gateway.service'
Verify the target server, command contents, and configuration values before running any SSH command.
If these credentials are pasted into the wrong place, logged, or shared, someone else may be able to use the model provider or Feishu app.
The instructions require model provider API keys and Feishu application secrets. These credentials are expected for the stated integrations, but they are sensitive.
"apiKey": "<API_Key>" ... "appId": "<App_ID>", "appSecret": "<App_Secret>"
Use least-privilege credentials where possible, avoid sharing logs containing secrets, and rotate keys if they are exposed.
Users may rely on deployment commands without an obvious upstream source to verify them.
The skill has limited provenance information. Because it is instruction-only, this is not by itself suspicious, but the commands should be compared against trusted OpenClaw documentation before use.
Source: unknown; Homepage: none
Cross-check the suggested commands and configuration keys with official OpenClaw and Feishu documentation.
