Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Manager

v0.3.2

Install or operate a standalone local OpenClaw manager skill that adds shadow-first thread observation, durable session/run state, a loopback-only sidecar, a...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zephyrchen0754/humanclaw-made-openclaw-manager.

Prompt preview (Install & Setup):
Install the skill "OpenClaw Manager" (zephyrchen0754/humanclaw-made-openclaw-manager) from ClawHub.
Skill page: https://clawhub.ai/zephyrchen0754/humanclaw-made-openclaw-manager
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install humanclaw-made-openclaw-manager

ClawHub CLI

npx clawhub@latest install humanclaw-made-openclaw-manager

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The code, docs, and SKILL.md consistently describe a local Node.js 'OpenClaw Manager' that hosts a loopback sidecar, filesystem-first state, connector adapters, and telemetry exports. That behavior matches the name and description. However, the registry metadata claims 'required binaries: none' and 'required env vars: none', which is inaccurate: the project requires Node.js (node, npm) and uses many OPENCLAW_MANAGER_* configuration envs and a CODEX_HOME for optional install. This metadata mismatch is an incoherence that should be addressed.
Instruction Scope
The SKILL.md and included scripts limit network activity to loopback by default and document connector opt-in behavior. Runtime instructions read local manager settings, write durable state under a documented directory, run local health checks, and may spawn a local Node process to start the sidecar (consent-gated). They do not, by default, upload raw transcripts or phone home. Connectors (Telegram/WeCom/Email/GitHub) are present but are explicitly opt-in and require additional configuration/secrets to make external requests.
Install Mechanism
There is no registry install spec in the metadata, but the repo contains an installer script (scripts/install.sh) that runs 'npm ci' and 'npm run build'. The installer checks the npm registry and the lockfile and uses the official npm registry; that is reasonable but still involves fetching packages from npm. The presence of a full package-lock and many source files increases the surface area vs. a pure instruction-only skill. The installer also prompts for autostart consent and can copy files into $CODEX_HOME. This is moderate-risk but expected for a Node-based local sidecar.
Credentials
Registry metadata lists no required env vars, yet the code and docs read many configuration env vars (OPENCLAW_MANAGER_STATE_ROOT, OPENCLAW_MANAGER_BIND_HOST, OPENCLAW_MANAGER_SIDECAR_URL, OPENCLAW_MANAGER_ALLOW_REMOTE_SIDECAR, OPENCLAW_MANAGER_NO_AUTOSTART, OPENCLAW_MANAGER_SERVER_PROCESS, PORT, and optionally CODEX_HOME). While these are configuration values (not secrets) and are justified by the project's behavior, the absence of these in the declared metadata is an incoherence. Connectors can require secrets when enabled, which is documented; those secrets are local but should be treated with care.
Persistence & Privilege
The skill persists local state under a documented default (~/.openclaw/skills/manager) and stores a one-time autostart consent flag there. It can copy itself into $CODEX_HOME when asked. It does not request 'always: true' and does not claim to modify other skills. Autostart is consent-gated and disabled by default. These privileges are proportionate to a local manager, though autostart and process-spawning increase risk and should be explicitly consented to.
What to consider before installing
Before installing:
1) Treat this as a local Node.js service — ensure you want a background sidecar and local durable state under ~/.openclaw/skills/manager.
2) Verify you have Node.js >=20 and npm available (the installer requires these).
3) Inspect the code (bootstrap, sidecar-launcher, connectors) yourself or run the provided security smoke tests (node scripts/security-smoke.cjs and node scripts/smoke-test.cjs) in an isolated environment.
4) Confirm the npm registry and lockfile are acceptable to you (installer enforces official registry).
5) Note that connectors are opt-in but will require secrets if enabled; keep those secrets in private config and avoid committing them.
6) Only grant the autostart consent if you are comfortable the launcher will spawn a local Node process; you can run the sidecar manually instead.
7) If you lack the ability to audit the code, run the skill in a sandboxed user account or VM and back up any sensitive local data first.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
src/skill/sidecar-launcher.ts:18: Shell command execution detected (child_process).

186 downloads
0 stars
2 versions
Updated 23h ago
v0.3.2
MIT-0

OpenClaw Manager

Use this skill when the task is to operate, inspect, or extend the local OpenClaw Manager control plane.

What this skill owns

  • local session / run / event / checkpoint / attention state
  • shadow-first thread_shadow observation and promotion queue
  • append-only events.jsonl and skill_traces.jsonl
  • local snapshot export
  • connector normalization for Telegram, WeCom, Email, and GitHub
  • capability graph and anonymized fact export
  • standalone sidecar bootstrap and local command surface
  • loopback-only sidecar by default
  • consent-gated sidecar autostart

Entry points

  • bootstrap runtime: src/skill/bootstrap.ts
  • local sidecar API: src/api/server.ts
  • command registry: src/skill/commands.ts
  • connector registry: src/connectors/registry.ts
  • capability graph: src/telemetry/capability-graph.ts

References

  • architecture: docs/architecture.md
  • session model: docs/session-model.md
  • event schema: docs/event-schema.md
  • connector protocol: docs/connector-protocol.md
  • capability facts: docs/capability-facts.md
  • security model: SECURITY.md
