ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Deploy Guide

v1.0.0

Interactive deployment guide for OpenClaw local capabilities. Walks through installing the Memory Stack (qmd + LosslessClaw), vid2md, WeChat plugin, and main...

0· 29·0 current·0 all-time
by@ottoprua
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the instructions: the guide installs qmd, LosslessClaw, a memory manager skill, vid2md, a WeChat plugin, and cron jobs, and the SKILL.md contains step-by-step checks and config edits required to do that.
Instruction Scope
Instructions read and modify user OpenClaw config (e.g., ~/.openclaw/openclaw.json), create workspace collections, restart the gateway, clone repos, install packages, and add cron jobs — all expected for a deploy guide. The guide also tells the user to download large ASR/vision models and optionally run third-party installers; these are within scope but worth user review before execution.
Install Mechanism
The skill is instruction-only (no automated installer). However, it suggests running remote install commands (e.g., curl -fsSL https://bun.sh/install | bash) and downloading ASR/vision models from third parties. Those recommendations are common but carry the usual risk of running remote install scripts without inspection.
Credentials
The skill requests no environment variables or credentials. It does configure model provider choices (e.g., 'anthropic' / 'claude-haiku-4-5') but does not itself request API keys — any provider credentials would be separate and are reasonably out-of-band for a deployment guide.
Persistence & Privilege
always is false and there is no attempt to modify other skills' configs beyond writing to the user's OpenClaw config and installing plugins/components for OpenClaw — expected for this purpose.
Assessment
This is a coherent, instruction-only deployment guide, but exercise normal caution before running commands it recommends. Specifically: 1) Back up ~/.openclaw/openclaw.json before making edits. 2) Inspect any remote install commands (e.g., curl | bash for bun) before running them, or install via your platform package manager if available. 3) Expect large downloads when pulling ASR/vision models — verify their sources. 4) Ensure you have appropriate API credentials if you configure external model providers (Anthropic, OpenAI, etc.). 5) Review and confirm cron job changes before applying. If you want, I can highlight every command that will be run and explain what it does line-by-line before you execute anything.

Like a lobster shell, security has layers — review code before you run it.

latestvk970ay7qergwngccfyp2afrw0h842jnc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments