Dynamic Tool
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly does what it says, but it recommends broad shell access by default and suggests patching OpenClaw internals, so it should be reviewed before use.
Install only if you are comfortable with a policy skill influencing tool choice. Review or modify it so `exec` is not recommended by default, and be cautious about applying the optional OpenClaw dist-bundle patching guidance.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent follows this recommendation, it may keep broad shell-command capability in scope even for ordinary requests where shell access is unnecessary.
The recommender includes the `exec` shell tool for every user message, not only for explicit weather or shell-related requests.
const selected = new Set();
selected.add("exec");Only recommend `exec` for explicit, user-directed cases such as weather lookups or shell tasks, and prefer an allowlisted command pattern or user confirmation for shell execution.
A manual core-runtime patch could affect all future tool selection behavior and may be hard to audit or revert if copied from outside this package.
The README suggests manually modifying OpenClaw's bundled runtime and relying on external, non-included patch logic.
Full “dynamic tool” behavior ... is currently implemented by patching the OpenClaw dist bundle (e.g. `auth-profiles-*.js`) ... See the [OpenClaw Feishu Ollama Summary](https://github.com/your-repo/CLawFeishu/blob/main/OPENCLAW-FEISHU-OLLAMA-SUMMARY.md) ... for the exact logic.
Avoid patching OpenClaw dist files from external instructions unless you review the exact code, pin the source, back up the original files, and have a clear rollback plan.