WeCanBot Base

WeCanBot Base appears aligned with its stated purpose, but it asks users to force an unsafe install while running a local UI service, dynamically loading app code, and handling local tokens/session data.

Treat this as a powerful local orchestration plugin, not a simple prompt pack. Before installing, confirm you trust the publisher and server endpoint, avoid the unsafe or curl-pipe-shell install paths unless necessary, understand that it can run a local Node UI, read WeCanBot/OpenClaw auth state, store files and SQLite metadata, and dynamically load later app runtimes. Consider testing in an isolated OpenClaw profile and revoking any tokens if you remove it.