OpenClaw Expansion Pack Review
Audited by ClawScan on May 10, 2026.
Overview
This is not obviously malicious, but it asks users to install and run unreviewed external code that can broadly change OpenClaw behavior.
Treat this as a pointer to external projects rather than a fully reviewed, self-contained suite. Before installing, inspect and pin the GitHub repositories, review setup.sh, back up the OpenClaw workspace, and confirm controls for schedules, logs, model budget, prompts, and file/network/exec policies.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed, unreviewed external code could modify the OpenClaw workspace or runtime before the user knows exactly what changes it makes.
The reviewed skill is instruction-only, yet the full install tells the user or agent to execute a shell script from an external, unpinned repository that is not present for review and is described as 'coming soon.'
git clone https://github.com/pfaria32/openclaw-expansion-pack.git
...
# Run setup script (coming soon)
bash projects/openclaw-expansion-pack/setup.sh
Review the GitHub repositories and setup script before running them, pin specific commits or releases, and require explicit user approval for the setup command.
Stored analysis data or loaded skill descriptions could affect later tasks if they are stale, sensitive, or poisoned by untrusted content.
The advertised self-improvement and capability-awareness components store reusable ledgers and load skill content into prompts, which can influence future agent behavior.
Structured JSONL ledgers (no DB) ... Automated improvement suggestions ... Skill descriptions in agent prompt ... On-demand SKILL.md loading
Configure what data is logged, how long it is retained, and which skill sources are trusted before enabling these features.
Recurring analysis could continue consuming resources or shaping recommendations beyond the immediate task if enabled without clear controls.
The documentation indicates recurring analysis behavior; this is aligned with the self-improvement purpose, but the scheduling and stop controls are not described in this package.
Two-tier analysis system (daily fast + weekly deep)
Enable scheduled analysis only with visible configuration for frequency, budget limits, outputs, and an easy disable path.
Users may over-trust the advertised security and cost claims unless they independently verify the external repositories.
The skill makes strong security and production-readiness claims while the main meta repository/setup is marked as coming soon and the implementation is not bundled in the reviewed artifact.
Enterprise-grade protection ... These skills are production-tested ... Meta Repository: https://github.com/pfaria32/openclaw-expansion-pack (coming soon)
Treat the claims as unverified until you inspect the linked repositories, release history, tests, and operational documentation.
