ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Admin

v1.0.0

Use when diagnosing, configuring, fixing, tuning, or setting up anything in OpenClaw — gateway not responding, channel silent, model failover issues, auth er...

0· 37·0 current·0 all-time
by@rendrag-git
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description claim admin/troubleshooting for OpenClaw and the SKILL.md instructs exactly the CLI commands, config paths, docs locations, and edit/backup workflow you'd expect for that purpose. No unrelated cloud credentials or external services are required.
Instruction Scope
Instructions explicitly require reading and editing many local files (~/.openclaw/openclaw.json, ~/.openclaw/.env, ~/.openclaw/secrets.json, agent workspaces, sessions, and global npm-installed docs/binaries). That is consistent with an admin tool, but it grants access to secrets and session data — sensitive material that an admin skill legitimately needs but that increases risk if the skill or agent is untrusted.
Install Mechanism
No install spec or downloaded code is provided — this is instruction-only. That reduces supply-chain risk because nothing is written to disk by the skill bundle itself.
Credentials
The skill does not declare required environment variables or credentials, yet instructs reading ~/.openclaw/.env and ~/.openclaw/secrets.json. This is coherent for an on-disk admin tool, but it's important to note the skill expects access to sensitive local secrets even though no external API keys are listed.
Persistence & Privilege
The skill is not marked 'always' and does not request elevated platform privileges. It instructs modifying only OpenClaw-related configs and files; it does not attempt to change other skills or system-wide agent settings.
Assessment
This skill is internally consistent for administering OpenClaw: it explicitly tells an agent to read and edit OpenClaw configs, secrets, sessions, and logs. That means an agent running this skill will need access to sensitive local files (tokens, secrets.json, session history). Only install if you trust the skill’s origin and the agent that will execute it. Recommended precautions: (1) verify the skill author/source or prefer an official package/homepage; (2) back up ~/.openclaw/openclaw.json and related data before use; (3) run the agent in a restricted environment or with least-privilege access if you can (or review agent filesystem permissions); (4) review the SKILL.md and your actual OpenClaw install paths — the skill assumes global npm installation paths which may differ; (5) avoid granting this skill access on systems where the OpenClaw secrets contain third-party credentials you cannot reissue. If you want higher assurance, request the skill's source code/repository and a publisher/homepage before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a25x523ww4cdn13f25sf2rs84r9z7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments