Clawdocs Improved
Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
This skill appears safe to use as a documentation assistant. Review any configuration snippets before applying them, especially ones enabling exec/elevated tools, credentials, remote gateway access, hooks, or messaging-channel actions. Be aware that helper scripts can contact docs.openclaw.ai and write local cache files; the supplied review data also included some truncated/omitted file contents, so inspect the full bundled scripts if you need high assurance. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Some examples can alter future agent instructions if the user pastes them into OpenClaw configuration.
This is a configuration example for an OpenClaw channel/group system prompt. It explains legitimate config behavior, but if copied into a real config it would change how an agent responds.
systemPrompt: "Keep answers brief."
Only copy systemPrompt examples you intentionally want, and treat bundled docs as reference material rather than commands to obey blindly.
If a user applies permissive tool snippets, their OpenClaw agent may gain broad local execution or file-editing ability.
The tool reference includes examples that can enable host command execution and file modification in OpenClaw. This is purpose-aligned documentation, not automatic execution by the skill.
allow: ["exec", "process", "read", "write", "edit", "apply_patch"]
Use the least-powerful tool profile that works, restrict elevated access, and avoid copying broad allowlists unless you understand the impact.
Copied provider snippets may connect OpenClaw to accounts or model providers using the user's credentials.
The provider/auth reference documents API-key and OAuth configuration patterns. The skill itself declares no required credentials and the provided artifacts do not show credential logging or unrelated transmission.
apiKey: "${LITELLM_KEY}"
Store secrets in environment variables or approved secret storage, use scoped keys where possible, and do not paste real tokens into shared chats or files.
If the user runs the update command, they are trusting the remote install script and network path.
The skill references a remote install/update command. It is disclosed and related to OpenClaw setup, but running curl-to-shell executes code fetched from the network.
Updating → `install/updating` (recommended: `curl -fsSL https://openclaw.ai/install.sh | bash`)
Prefer official verified install instructions, review remote scripts before running them, and avoid running curl-to-shell commands in high-trust environments without validation.
Using the helper scripts will make network requests to docs.openclaw.ai and create or update local cache files.
The bundled shell helper fetches public documentation data and stores it in a local cache. This is coherent with the documented search/fetch functionality.
CACHE_DIR="${HOME}/.openclaw/cache/clawddocs" ... curl -sfL --max-time 15 "$LLMS_URL" -o "$tmp"
Run the scripts only when you want live/cached documentation lookup, and inspect the bundled scripts if operating in a restricted environment.
