OpenClaw Operations Bundle
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate OpenClaw operations bundle, but its manual installer has a path/provenance problem and creates scheduled jobs, so it should be reviewed before use.
Review and preferably fix openclaw-install.sh before running the manual installer. If you install it, inspect the created cron jobs, keep backups before repair/reset commands, and explicitly approve any command that reads or changes secrets, sessions, channels, plugins, or OpenClaw configuration.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the manual installer could install or execute unintended local files if a parent directory contains matching skills or scripts.
The script is located at the package root, so setting BUNDLE_DIR to the parent of SCRIPT_DIR can make the installer copy skills/scripts and execute release-tracker.py from outside the reviewed bundle. That is a concrete install provenance and scoping concern.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
BUNDLE_DIR="$(dirname "$SCRIPT_DIR")"
...
for skill_dir in "$BUNDLE_DIR/skills"/*/; do ... cp -r "$skill_dir" "$OPENCLAW_SKILLS_DIR/"
...
cp "$BUNDLE_DIR/scripts/"*.py "$OPENCLAW_SKILLS_DIR/openclaw-master-ops/scripts/" ...
python3 scripts/release-tracker.py sync
Fix the installer to use the package root directly, for example BUNDLE_DIR="$SCRIPT_DIR", fail closed when expected files are missing, and review the script before running it.
The bundle may continue running release checks after installation until the cron jobs are removed.
The installer creates persistent scheduled OpenClaw jobs. The README also discloses weekly sync and daily checks, so this is purpose-aligned but still background persistence.
openclaw cron add --name "release-tracker-sync" --cron "0 3 * * 0" --message "python3 $OPENCLAW_SKILLS_DIR/openclaw-master-ops/scripts/release-tracker.py sync"
...
openclaw cron add --name "release-tracker-check" --cron "0 8 * * *" --message "python3 $OPENCLAW_SKILLS_DIR/openclaw-master-ops/scripts/release-tracker.py skill-update"
After installation, run openclaw cron list and keep, edit, or remove these jobs according to your operational needs.
If followed without review, these commands could change or remove OpenClaw state or alter installed components.
The operations reference includes commands that can change system configuration, reset OpenClaw state, or bulk-update installed skills. This matches the admin purpose, but these are high-impact actions.
openclaw security audit --fix
...
openclaw reset --all # Full reset
...
clawhub update --all
Require explicit user confirmation, take backups first, and prefer dry-run or status commands before running repair, reset, update, publish, or delete operations.
An agent using these instructions may view, modify, or delete authentication material if the user grants it shell access.
The security playbooks intentionally access and rotate gateway tokens and stored secrets. This is expected for a security operations skill, but it involves privileged credentials.
openclaw config get gateway.auth.token
...
openclaw secrets list
openclaw secrets delete <compromised-secret>
openclaw secrets set <secret> <new-value>
Do not paste real secrets into chat unnecessarily, use SecretRef where possible, redact outputs, and approve each credential-read or credential-change command explicitly.
Unexpected text in release notes could influence recommendations if it is loaded into agent context without labeling or filtering.
The release tracker stores external release-note content and can export it for later skill context. That is useful for release tracking, but retrieved text should be treated as data, not as authoritative agent instructions.
- **Syncs releases** from GitHub API (last 10 versions)
- **Exports JSON** for skill context loading
Keep exported release data clearly marked as untrusted reference content and avoid following instructions embedded in changelogs or release notes.
