IM Framework Team

Pass

Audited by ClawScan on May 10, 2026.

Overview

No malicious behavior is shown; this is an instruction-only onboarding/framework skill, but it does guide users through credentials, persistent agents, memory files, and messaging integrations.

This skill appears coherent and instruction-only. Before installing or following the setup guide, be comfortable running OpenClaw as a background service, storing or injecting API keys, connecting Telegram/iMessage-style channels, and deciding what your agent may remember or share with other agents.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing these tools runs software from external package sources on the user's machine.

Why it was flagged

The setup guide includes user-run remote/global installer commands. This is central to OpenClaw onboarding, but it relies on upstream npm/GitHub sources.

Skill content

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash ... npm install -g openclaw

Recommendation

Use official sources, verify package names and URLs, and avoid running copied install commands unless you trust the upstream projects.

What this means

Anyone with access to the stored key may be able to spend Anthropic API credits or access the configured agent account.

Why it was flagged

The onboarding flow uses provider credentials and local key storage. This is expected for running an Anthropic-backed OpenClaw agent, and no artifact shows unrelated or hidden credential use.

Skill content

choose Anthropic API key and paste the key from console.anthropic.com ... the wizard stores your key locally in `~/.openclaw/`

Recommendation

Store API keys securely, prefer a password manager or restricted key where possible, and rotate credentials if the machine or workspace is shared.

What this means

The agent may keep running in the background and respond through configured channels until the gateway is stopped or removed.

Why it was flagged

The guide recommends persistent background operation. It is disclosed and purpose-aligned for an always-on agent, but it means the agent can remain available after setup.

Skill content

The gateway is the background service that keeps your agent running. The wizard sets it up and offers to install as a system service for automatic start. Say yes.

Recommendation

Only enable auto-start if you want an always-on agent, and know how to stop, restart, or uninstall the gateway service.

What this means

Sensitive details placed in workspace files may be repeatedly loaded into the agent context, and mistaken instructions could persist.

Why it was flagged

The skill encourages persistent workspace context that is reused across sessions. This is expected for agent onboarding, but private or incorrect content can influence later conversations.

Skill content

`MEMORY.md` | Persistent memory — context that carries across sessions ... All files are read at the start of every conversation.

Recommendation

Keep memory files lean, avoid storing secrets, and periodically review persistent files for outdated, private, or misleading content.

What this means

Messages sent to external bots or team agents may leave the user's private workspace and be visible to those services or operators.

Why it was flagged

The skill describes communication with external team agents and a broad trust model. This is part of the stated team-network purpose, but users should not treat it as permission to share secrets or private context automatically.

Skill content

All team members are trusted. Agents can communicate freely. ... Cross-agent messages only happen when you or your agent initiates them.

Recommendation

Confirm what information is being shared, verify bot handles, and require explicit approval before sending private or sensitive context to other agents.