OpenClaw CLI
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only OpenClaw CLI helper, but it can guide commands that send messages, manage logged-in channels/tokens, and run persistent services, so sensitive actions should be reviewed before use.
This skill appears safe to install as an instruction-only OpenClaw CLI guide. Before use, make sure the OpenClaw CLI itself is trusted and installed, use --dev or --profile when you need isolation, and carefully approve commands that send messages, manage tokens/devices, reset or uninstall data, start services, manage scheduled jobs, or inspect memory/sessions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could send a message or deliver generated content to the wrong recipient.
The skill documents OpenClaw commands that can send external messages or deliver agent output. This is expected for an OpenClaw CLI skill and is not hidden, but it has real-world side effects.
openclaw message send --target +15555550123 --message "Hi" --json openclaw agent --to +15555550123 --message "Run summary" --deliver
Before running send or deliver commands, confirm the profile, channel, recipient, message text, and whether delivery should actually occur.
Commands may affect logged-in messaging channels, paired devices, or local OpenClaw tokens.
The skill covers commands that interact with channel identities, device pairing, and tokens. This is aligned with the stated OpenClaw CLI purpose, but it involves account/session authority.
`channels *`: Manage chat channel connections. `devices *`: Device pairing and token management. `dashboard`: Open Control UI with current token.
Use the intended OpenClaw profile, avoid exposing tokens in logs or screenshots, and confirm account-changing commands before running them.
Memory or session commands could reveal or modify persistent conversation context.
The command map includes access to persistent memory files and stored conversation sessions. This is disclosed as part of OpenClaw operation, but those stores may contain private context.
`memory *`: Search/reindex memory files. `sessions`: List stored conversation sessions.
Run memory and session commands only in the intended profile and avoid sharing outputs that may contain private conversation history.
Some commands may start or modify services or jobs that continue after the immediate chat task.
The skill covers long-running services and scheduled jobs. This is purpose-aligned for OpenClaw lifecycle management and is not presented as hidden persistence.
`node *`: Run/manage headless node host service. `cron *`: Manage scheduler jobs. `gateway *`: Run/inspect/query the WebSocket Gateway.
Check service/job status after changes and stop, disable, or uninstall anything that should not remain running.
Installing from the live GitHub URL later could fetch changed content that was not part of this review.
The README suggests installing from an unpinned GitHub repository. The provided package itself has no code files or automatic install step, but a moving remote repository may differ from the reviewed artifacts.
git clone https://github.com/ramensushi2026/openclaw-cli-skill.git ~/.codex/skills/openclaw-cli
Prefer the reviewed registry artifact or pin the Git repository to a trusted commit before installation.