OpenClaw HTTPS Setup
v1.0.0Automate secure HTTPS setup for OpenClaw Gateway on a VPS by configuring Nginx reverse proxy with SSL certificates and domain redirection.
⭐ 0· 61·0 current·0 all-time
by@nanue1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the provided instructions and script: both configure Nginx as a reverse proxy and obtain/renew Let's Encrypt certificates for OpenClaw Gateway. Required system privileges (sudo) and package installs are consistent with that goal.
Instruction Scope
Instructions and script perform expected system actions (install packages, configure /etc/nginx, stop/start Nginx, run certbot, and add a cron job). They do not attempt to read unrelated files or exfiltrate data. Minor scope issues: SKILL.md says 'Root/administrator privileges' while the script explicitly exits if run as root (it expects a sudo-enabled user). The script also writes a user crontab (not root crontab), which may not have permission to renew certificates—this is a functional inconsistency, not an obvious malicious behavior.
Install Mechanism
No install spec; the skill is instruction-plus-script only. The script uses the system package manager (dnf/apt) via sudo to install nginx/certbot, which is expected. Nothing is downloaded from unknown external URLs.
Credentials
The skill does not request environment variables, tokens, or credentials. It only requires a domain name and email (script parameters) and sudo privileges to change system configuration—appropriate for the stated task.
Persistence & Privilege
The script makes persistent changes: creates /etc/nginx/conf.d/openclaw-<domain>.conf, enables/starts nginx, and installs a crontab entry for certbot renewal. always:false and no cross-skill config modifications. These persistent changes are expected for this functionality but are high-impact, so they merit review before execution.
Assessment
This script appears to do what it claims: install/configure Nginx, obtain Let's Encrypt certificates, and add a renewal cron job. Before running it: 1) Review the script line-by-line and back up existing /etc/nginx configs. 2) Note the script expects you to run it as a non-root user with sudo (it exits if run as root) — reconcile this with any README that says 'run as root'. 3) Confirm the cron job will run with sufficient privileges to renew certificates (the script installs the cron entry for the invoking user, which may lack permissions to write /etc/letsencrypt unless renew is run via sudo/root crontab). 4) Ensure port 80 is reachable (Let's Encrypt validation) and that stopping/starting Nginx is acceptable for your environment. 5) If you plan to let an agent invoke this skill autonomously, be cautious: it will perform system-level changes and create persistent jobs. If anything is unclear, test on a non-production VPS or run steps manually rather than running the script unmodified.Like a lobster shell, security has layers — review code before you run it.
httpsvk97ert73qgp3f42rbas7yy5h0h840vn5latestvk97ert73qgp3f42rbas7yy5h0h840vn5nginxvk97ert73qgp3f42rbas7yy5h0h840vn5openclawvk97ert73qgp3f42rbas7yy5h0h840vn5sslvk97ert73qgp3f42rbas7yy5h0h840vn5vpsvk97ert73qgp3f42rbas7yy5h0h840vn5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.