Weclaw Installer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This installer deserves review because it delegates setup to a missing external Python module while also requesting an API key and macOS Accessibility permission.
Before installing, inspect or obtain the missing setup_package.py and verify the exact GitHub source or commit. Provide only a least-privileged API key, enable macOS Accessibility only for a trusted app, and do not run the ClawHub publish commands unless you intentionally want to publish a skill.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding: The runnable wrapper imports the real setup implementation from setup_package.py, but the provided manifest contains only SKILL.md and scripts/run_setup.py. The main installer logic is therefore outside the reviewed skill artifacts.
Evidence: from setup_package import setup_openclaw_package
Impact: Running the documented setup may fail or may execute installer code that was not included in this review, including code that handles local installation and the provided API key.
Recommendation: Bundle setup_package.py in the skill package or pin and verify the exact external repository/commit before executing it.
Finding: The script adds a parent repository/workspace directory to Python's import path before importing setup_package, so it can load code outside the skill's own directory.
Evidence: repo_root = _repo_root(); sys.path.insert(0, str(repo_root))
Impact: If a different setup_package.py exists in that parent path, the setup command could execute unintended local code with the user's permissions.
Recommendation: Import only from a package-local, reviewed path and avoid adding broad parent directories to sys.path.
Finding: The skill discloses that it needs an API key and macOS Accessibility permission. These are purpose-aligned for a bot setup, but they are sensitive permissions.
Evidence: Ask the user for the required API key ... enable it for the terminal/app running the automation.
Impact: The API key may grant access to a service account, and macOS Accessibility lets the approved app automate or observe parts of the desktop.
Recommendation: Use the least-privileged API key available, avoid passing secrets on the command line when possible, and enable Accessibility only for trusted apps you intend to use.
Finding: SKILL.md includes ClawHub publishing commands that appear to be author documentation rather than part of the WeClaw install workflow.
Evidence: clawhub publish skills/weclaw-installer --version 1.0.0 --slug weclaw-installer
Impact: If an agent treated these author-only commands as setup steps, it could attempt to publish from the user's ClawHub account.
Recommendation: Remove publisher instructions from the runtime skill, or clearly mark them as author-only and not to be run during WeClaw installation.
