v0.1.1

WebChat HTTPS Proxy

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:32 AM.

Analysis

The skill mostly matches its HTTPS proxy purpose, but it installs a persistent local service, reads the OpenClaw gateway token, and its uninstall script can remove more gateway origins than it added.

Guidance: Review the deploy and uninstall scripts before installing. This skill is not clearly malicious, but it will create a persistent HTTPS proxy, edit your OpenClaw gateway config, and read the local gateway token for authentication; back up your OpenClaw config and be careful when enabling LAN access.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
scripts/uninstall.sh
cu['allowedOrigins'] = [o for o in orig if f':{port}' not in o]

The uninstall script removes every allowed origin containing the configured port, not only the exact HTTPS origin that this skill added.

User impact: Uninstalling the skill could break other OpenClaw Control UI origins that happen to use the same port.
Recommendation: Back up ~/.openclaw/openclaw.json before uninstalling. The skill should remove only the exact origin it previously inserted.
Rogue Agents
Severity: Medium, Confidence: High, Status: Note
scripts/deploy.sh
Restart=always ... systemctl --user enable --now openclaw-voice-https.service

Deployment creates and enables a user systemd service that restarts automatically and remains active beyond the initial deploy command.

User impact: The HTTPS proxy will keep running in the background until stopped or uninstalled.
Recommendation: Review the generated systemd service, verify the bind host and port, and run scripts/uninstall.sh or systemctl --user disable --now openclaw-voice-https.service when it is no longer needed.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Note
assets/https-server.py
cfg_path = os.path.join(Path.home(), ".openclaw", "openclaw.json") ... return cfg.get("gateway", {}).get("auth", {}).get("token", None)

The proxy reads the local OpenClaw gateway auth token from the user's config so it can compare Bearer tokens for /transcribe requests.

User impact: The skill has access to a local gateway credential, although the visible code uses it for comparison and does not show logging or transmission of the token.
Recommendation: Only install if you are comfortable with this proxy reading the gateway token; avoid exposing the proxy to a LAN unless gateway authentication is configured and needed.