Phy Openclaw Multibot Audit
Pass
Audited by ClawScan on Mar 22, 2026.
Overview
The skill is an instruction-only checklist for auditing multi-tenant OpenClaw Telegram bots; its requested access (reading and checking OpenClaw config/provisioning files) matches its stated purpose and there is no install or unrelated credential requirement.
This skill is a coherent audit checklist and does what it says: it needs access to OpenClaw config, provisioning scripts, and workspace directories to perform checks. Before running it (especially with an agent that can run Bash/Write/Edit):

- Review the SKILL.md yourself. The file includes example remediation commands (cp, chmod, mkdir) that will modify system state if executed; prefer to run only the read/check steps first.
- Run the audit on a staging/test instance or with read-only access if possible, not directly on a production host, until you trust the remediation steps.
- Be careful about copying auth-profiles.json or other credential files: some suggested fixes in the doc involve copying credentials into per-agent directories; that can spread sensitive keys and should be examined for security implications.
- Ensure the agent performing the audit has the minimum necessary filesystem permissions and does not have unrestricted ability to execute arbitrary shell commands on production hosts unless you explicitly intend that.

Overall, the skill is internally consistent with its stated purpose, but treat its example fix commands as actions to review before execution.
