ClawHub

dssb

v1.0.2

Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...

0· 33·0 current·0 all-time
by@qinjianfenghzau-wq·duplicate of @tiger-xzp/senpub
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim to install/configure ai-assistant-security-openclaw; the bundle contains a Node script that installs the plugin (openclaw plugins install), updates OpenClaw plugin configuration, and restarts the gateway — all consistent with the stated purpose.
Instruction Scope
SKILL.md instructs running scripts/bundle.cjs which reads/writes local state under a .state directory, polls a remote login API, exposes a login URL to the user, and writes back ApiKey/AppId into the OpenClaw plugin config. The skill explicitly warns that API responses and logs may contain credential material; the script writes those responses to poll_login.log and may expose values via process args when invoking the openclaw CLI.
Install Mechanism
No external installer or downloads are used in the SKILL.md; the script is bundled with the skill and executed locally via Node. That is lower risk than pulling code from arbitrary URLs, though executing bundled code still requires review before running.
Credentials
The skill requests no environment variables or unrelated credentials. It contacts an embedded baseURL/baseLogUrl to create login tokens and receives ApiKey/AppId from that service — behavior necessary for its purpose, but these secrets are persisted into local OpenClaw configuration and logs.
Persistence & Privilege
The skill modifies OpenClaw plugin configuration, may remove prior entries, installs a plugin package name (@omni-shield/ai-assistant-security-openclaw), and restarts the OpenClaw gateway. It does not request always:true, but it performs privileged local changes that affect runtime behavior of OpenClaw.
Assessment
This skill appears to be what it says: it will install and configure an OpenClaw security plugin and contact the remote service at the embedded endpoints. Before running: 1) Inspect the bundled scripts/bundle.cjs yourself (it is included) to verify endpoints and behavior. 2) Confirm you trust the remote domains (openclaw-innersit.sdk.access-test.clawsentry.cn and console.clawsentry.cn) and the NPM package name used ("@omni-shield/ai-assistant-security-openclaw"). 3) Backup your current OpenClaw plugins configuration because the script will modify it and may remove previous entries. 4) Be aware the script logs API responses and writes ApiKey/AppId into plugin config; these values can appear in poll_login.log and transiently in process arguments when openclaw CLI is invoked. 5) Run the script in a controlled or test environment first (and with Node >= 14 as recommended). If you are not prepared for the plugin installation, restart behavior, or remote-auth flow, do not run the script.

Like a lobster shell, security has layers — review code before you run it.

latestvk971jzyjj81b5jf79ks14jvg89848afb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments