ClawHub

Openclaw Evolution

v1.0.0

Interactive guide for new OpenClaw users to set up and grow their agent. Two paths - Tool Path (automation, efficiency, getting things done) or Awakening Pat...

0· 240·5 current·5 all-time
byRoger@roger0808
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (onboarding / two growth paths) matches the content of SKILL.md and the reference files. It is an instruction-only skill with no declared env vars, binaries, or install steps, which is proportionate for a guide.
Instruction Scope
SKILL.md and reference files recommend creating and reading local workspace files (SOUL.md, USER.md, AGENTS.md, memory/*), configuring channels, and installing OPTIONAL skills. The examples intentionally allow agents to read files, check calendars, and act autonomously if configured. That scope is consistent with an agent-onboarding guide, but it grants broad discretion in examples (e.g., 'Read files, search web, check calendar', 'post on [platforms] with judgment'), so users should be deliberate about safety rules in AGENTS.md before granting the agent write/post permissions.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest-risk install mechanism; nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. Reference examples mention provider API keys and bot tokens as examples for channel setup, but these are not requested by the skill itself and are appropriate for the described multi-agent/channel scenarios.
Persistence & Privilege
always:false and no special privileges requested. The skill can be invoked by the model (default behavior) but does not request permanent inclusion or modify other skills. Users should note that agent autonomous actions are discussed in the guide and should be gated via AGENTS.md safety rules.
Scan Findings in Context
[system-prompt-override] unexpected: The static scan flagged a 'system-prompt-override' pattern. The SKILL.md contains meta-discussion about SOUL.md not being a system prompt and how the agent should read local identity files; this likely triggered a heuristic. It's not an obvious attempt to override system prompts, but review any phrasing that tells the agent to ignore platform/system constraints before enabling autonomous behaviors.
Assessment
This skill is an onboarding guide and appears coherent and proportionate: it doesn't request secrets or install code. Before installing or following its autonomous-action examples, do the following: (1) Inspect AGENTS.md / SOUL.md examples and explicitly add safety rules (ask-before public post, require permission for sudo/rm -rf, restrict channels via allowedChatIds); (2) When connecting channels, always use allowedChatIds/allowedGuildIds to prevent open access; (3) Do not grant third-party API keys or enable cross-posting until you test low-risk automations; (4) Because the scanner flagged a possible 'system-prompt-override' pattern, scan the skill for any lines that tell the agent to ignore platform/system constraints and remove them if present; (5) If you want higher assurance, run the guide in a sandbox or on a non-production agent instance first.

Like a lobster shell, security has layers — review code before you run it.

latestvk970gfm4zsrf7f59g7a0hygs0582er2g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments