Skillv1.0.0

ClawScan security

OpenClaw Direct Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 6, 2026, 3:20 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is an installer that generally does what it claims, but it performs multiple remote installs (curl|sh, npm -g, pulling models and third‑party skills) which increases risk and deserves caution before running.
Guidance: This installer is coherent with its stated purpose, but it performs multiple network installs and executes downloaded code: (1) it runs a remote install script from ollama.com via curl | sh, (2) runs npm -g installs, and (3) pulls models and GitHub skills (clawhub install). These actions can pull arbitrary code onto your machine. Before running it, consider: - Review the remote install scripts and the npm/GitHub packages being installed (openclaw, clawhub, ningtoba/pc-assistant, event-monitor, and the named model). - Prefer running in an isolated environment (VM or disposable machine) or inspect the scripts line-by-line. - Be cautious about giving sudo for firewall changes; the script may prompt for sudo when modifying system firewall. - If you rely on sensitive local data or secrets, do not run unverified installers on your main workstation. - If you decide to proceed, keep backups and monitor network/activity during the first run. If you want, I can list the exact network calls and packages the scripts will fetch and explain what to look for on those upstream endpoints.

Review Dimensions

Purpose & Capability: okName/description match the provided artifacts: scripts create a local OpenClaw config, install openclaw/clawhub packages, install models/skills, and start local services. Nothing obvious is requested that is unrelated to an installer.
Instruction Scope: noteSKILL.md directs the user to run platform install scripts which: install Ollama via a remote install script, pull models from Ollama, install npm packages globally, and run clawhub to install GitHub skills. The instructions do not read unrelated secrets or exfiltrate data, but they grant broad discretion to fetch and execute third‑party code.
Install Mechanism: concernThere is no formal install spec, but setup.sh pipes a remote script from https://ollama.com/install.sh into sh and runs npm -g installs and clawhub installs. These are legitimate for an installer but are high‑risk operations because they execute code fetched from the network (remote install script, model pulls, and GitHub skill installs).
Credentials: okThe skill does not declare or require credentials or config paths beyond writing to ~/.openclaw. create-config.js generates a local token and writes config to the user's home directory. No unrelated environment variables or secrets are requested.
Persistence & Privilege: noteThe installer installs global npm packages, starts background services (ollama, OpenClaw gateway), and may add firewall rules (via sudo). It does not request 'always: true' or modify other skills' configs, but it does increase system presence and can install components that run persistently.