Boot Installer

v1.0.0

Install, update, repair, or health-check the openclaw environment. Use when the user says install openclaw, run the bootstrapper, update packages, fix a brok...

⭐ 0· 93·0 current·0 all-time

byAl Amin@alaminedits

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alaminedits/boot-installer.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Boot Installer" (alaminedits/boot-installer) from ClawHub.
Skill page: https://clawhub.ai/alaminedits/boot-installer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bash, curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install boot-installer

ClawHub CLI

Package manager switcher

npx clawhub@latest install boot-installer

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description match the included behavior: boot.sh installs Node/Python packages, systemd units, symlinks, and performs repair/checks. Requiring bash/curl and (optionally) sudo is expected. Minor inconsistency: SKILL.md metadata lists a runtime download of boot.sh from raw.githubusercontent.com while the package already includes boot.sh.

Instruction Scope

The runtime instructions tell the agent to execute the full boot.sh with sudo escalation. The script reads/writes system locations (e.g., /etc/sudoers.d, /usr/local/bin, ~/.config/systemd/user) and can modify ~/.bashrc, create systemd units and autostart hooks, and kill package manager processes. These actions go beyond simple package installation and can alter system auth and persistence. The script also logs to /tmp and prints failures — no direct secret exfiltration is visible, but the authority granted is broad.

ℹ

Install Mechanism

No packaged installer is required (instruction-only), but SKILL.md metadata suggests downloading boot.sh from raw.githubusercontent.com (a standard GitHub host). Downloading runtime scripts from raw GitHub is common for bootstrappers but still carries risk: code fetched at runtime can change between publish-time and install-time. The repo's boot.sh is also included in the skill bundle, making the download step redundant and inconsistent.

Credentials

The skill declares no env vars, which matches its instructions. However, the script grants broad system privileges: it creates a sudoers file granting NOPASSWD: ALL for the real user (lines that write to /etc/sudoers.d/openclaw-<user>), which is a permanent, overly-broad escalation of privileges not strictly necessary for many installers and increases attack surface considerably.

Persistence & Privilege

boot.sh writes persistent system-level artefacts: /etc/sudoers.d entries, systemd user service units, /usr/local/bin symlinks, and may modify ~/.bashrc. Although always:false and user-invocable, these changes create long-lived privileges and autostart behavior. The NOPASSWD sudoers entry in particular grants persistent, unrestricted privilege escalation for the user.

What to consider before installing

This skill behaves like a full system bootstrapper and must be treated as such. Before installing: (1) review the full boot.sh contents line-by-line (it is included in the package) to verify every action; (2) be especially cautious about the code that writes /etc/sudoers.d/openclaw-<user> with NOPASSWD: ALL — that gives the user passwordless root access and is a major security risk; (3) note the metadata also instructs downloading boot.sh from raw.githubusercontent.com at runtime — prefer using the included copy or verify the remote script's integrity; (4) run the installer first in an isolated VM or disposable environment to observe behavior; (5) if you need the software but not passwordless sudo, edit the script to remove automatic sudoers modifications and require interactive sudo; and (6) ensure backups and a rollback plan (or snapshot) before allowing the installer to modify /etc, /usr/local/bin, or systemd units.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis

OSLinux

Binsbash, curl

Any binsudo

latestvk97ejdm8yzr2gedf31g0cvsmvs840589

93downloads

0stars

1versions

Updated 3w ago

v1.0.0

MIT-0

Linux

boot_installer

Runs {baseDir}/boot.sh to manage the full openclaw environment lifecycle. Requires Linux and root/sudo access. The script handles privilege escalation automatically.

Slash commands

Command	What it does
`/boot-install`	Fresh install of all components
`/boot-update`	Upgrade all packages to latest versions
`/boot-repair`	Deep clean and rebuild broken state
`/boot-check`	Health-check — verify all components

When to run which mode

User says "install openclaw", "set it up", "run the installer" → install (no flag)
User says "update", "upgrade packages" → update
User says "repair", "fix", "something is broken", "rebuild" → repair
User says "check", "status", "is everything installed", "health check" → check

How to invoke

Always run as the calling user (sudo is handled internally by the script):

bash {baseDir}/boot.sh                # install
bash {baseDir}/boot.sh --update       # update
bash {baseDir}/boot.sh --repair       # repair
bash {baseDir}/boot.sh --check        # check — exits with number of failed checks (max 125)

Use the exec tool. Stream output so the user sees the spinner progress live.

What gets installed (install mode)

Node.js v24+ via NodeSource
UV Python package manager (~/.local/bin/uv)
Python 3.10 venv at ~/venv with scrapling[fetchers]
Chromium browser via Playwright (~/.cache/ms-playwright)
NPM globals: 9router, openclaw@latest, clawhub, paperclipai, @presto-ai/google-workspace-mcp, mcporter
System symlinks in /usr/local/bin
9router autostart via systemd user service (falls back to .bashrc hook)
openclaw-gateway-watchdog systemd user service
Mcporter Google Workspace connector

Key paths

Path	Purpose
`~/venv`	Python virtual environment
`~/.local/bin`	UV binary
`~/.local/npm/bin`	NPM global binaries
`~/.cache/ms-playwright`	Chromium browser
`~/.openclaw/workspace/skills`	Workspace skills
`~/.config/systemd/user/9router.service`	9router systemd unit
`~/.config/systemd/user/openclaw-gateway-watchdog.service`	Gateway watchdog

After install

If .bashrc was modified, remind the user to reload their shell:

source ~/.bashrc

Logs and errors

The script writes a full log to /tmp/boot-YYYYMMDD-HHMMSS.log. If a step fails, the last 15 lines of output are printed inline and the log path is shown. Surface that path to the user on failure.

Check mode exit codes

--check exits with the count of failed checks (0 = all pass, 1–125 = N issues, capped at 125). Parse the exit code and tell the user how many checks failed and to run bash {baseDir}/boot.sh to repair.

Troubleshooting

APT lock held — script waits up to 120 s and kills blocking processes automatically. No user action needed.
Node.js wrong version — script upgrades it automatically if the installed major is below 24.
Broken Python venv — run --repair first, then run without flags to reinstall packages.
9router not starting — logs at ~/.local/share/9router.log. Falls back to .bashrc login hook if systemd unavailable.
Gateway watchdog not starting — run journalctl --user -u openclaw-gateway-watchdog -n 50.
Permission errors on files — run without flags (install mode); _fix_ownership runs at the end of every install/update.

Comments

Loading comments...