Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

opclawtm CLI

v1.0.2

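opclawtm lets users quickly build an AI Agent team collaboration network through the CLI. Create teams with one click, connect Feishu group chats, and orchestrate task workflows: managers assign tasks, executors complete the work, and reviewers accept the results. It ships with a built-in preset library that works out of the box. A complete team collaboration solution built on the OpenClaw platform.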

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for poderosom1/opclawtm.

Prompt preview (Install & Setup):
Install the skill "opclawtm CLI" (poderosom1/opclawtm) from ClawHub.
Skill page: https://clawhub.ai/poderosom1/opclawtm
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: opclawtm
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install opclawtm

ClawHub CLI

npx clawhub@latest install opclawtm

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name, description, and npm install of opclawtm align with a CLI team-management tool. However, the runtime docs instruct the user to run 'openclaw gateway' (a different binary) and reference ~/.openclaw paths, while the skill only declares opclawtm as a required binary—this mismatch is unexpected and should be clarified (either the environment must also provide an 'openclaw' binary or the docs are inconsistent).
Instruction Scope
Instructions direct the agent to run standard CLI checks (node version, npm install, opclawtm commands), use the TUI, and read local product files (logs, workspace/skills directories). Reading ~/.openclaw/logs/gateway.log and workspace directories is coherent for configuring bots and verifying artifacts, but it means the Skill instructs access to local logs and agent workspaces—which is functionally justified but sensitive. The guide also asks users to copy App ID/Secret into the TUI (expected), and to send a long requirement payload into Feishu (expected for a delegated workflow).
Install Mechanism
Install uses an npm package (opclawtm) which is a common, traceable mechanism and creates the opclawtm binary. No arbitrary URL downloads or archive extraction are specified.
Credentials
The skill declares no environment variables or external credentials, which fits. However, it asks users to paste Feishu App Secret into the TUI (normal for OAuth-style setup) and instructs reading local logs for 'ou_' IDs. Two red flags: (1) the documentation suggests obtaining test activation codes by privately messaging a TikTok/抖音 account number (1594204110) — unrelated third-party contact that could be a scam or leak channel; (2) the docs reference running 'openclaw gateway' (another component) without declaring it as a dependency, implying additional implicit privileges or services are required.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. There is no instruction to modify other skills' configs or system-wide settings beyond using the product's own files and TUI. Normal persistence characteristics.

What to consider before installing

This skill appears to be a CLI helper for the OpenClaw opclawtm product and uses npm for installation, but take these precautions before installing:

  1. Clarify the 'openclaw' vs 'opclawtm' mismatch: the docs tell you to run `openclaw gateway` but the package provides `opclawtm`; ensure you know what additional binary/service (openclaw) is required.
  2. Verify the npm package and homepage: inspect the opclawtm package owner, its repository/source code, and release provenance before installing globally.
  3. Be cautious about secrets: the workflow asks you to paste Feishu App Secret into the TUI; confirm the TUI is local and not sending secrets to an unknown remote.
  4. Treat the TikTok/抖音 contact for test codes as suspicious: do not share credentials or sensitive info through that channel; prefer official support channels (verify opclawtm.com contact).
  5. Because the skill reads local logs and workspace directories (~/.openclaw/), consider installing and testing in a sandboxed account or VM first.

If you need higher assurance, request the package source or an explanation from the publisher about the openclaw dependency and the official activation/test-code process.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🤖 Clawdis
Bins: opclawtm

Install

Install opclawtm CLI (npm)
Bins: opclawtm
npm i -g opclawtm

latest: vk970d9dev25t3dvxdg12v60fhx84hrp8
120 downloads
1 star
3 versions
Updated 2w ago
v1.0.2
MIT-0

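opclawtm CLI Tool Operation Guide

This Skill guides you (the AI Agent) in helping users complete opclawtm-related tasks.

Trigger scenarios

Trigger this Skill when the user mentions any of the following keywords:

  • "install opclawtm"
  • "activate license" / "trial activation"
  • "create team" / "initialize"
  • "configure Feishu" / "Feishu binding" / "pairing"
  • "private Skill" / "create Skill"
  • "license problem" / "configuration problem"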

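1. Installation and activation

See references/installation-flow.md

2. System initialization and team creation

See references/team-creation-flow.md

Key principles:

  • For IDs, press Enter to auto-fill; do not type them manually
  • System initialization creates the chief assistant
  • Team creation is completed with the wizard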

3. Feishu configuration

See references/feishu-config-flow.md

Configuration order:

  1. Bot binding → all team members
  2. Group binding → bind departments to groups
  3. User ID binding → bind users to open_id

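4. Private Skill creation

See references/private-skill-flow.md

Core flow:

  • Create the task through the Feishu chief assistant
  • The Skill Creation Department carries out the creation
  • Files are not created locally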

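5. Command quick reference

See references/cli-reference.md

6. Troubleshooting

See references/troubleshooting.md

Key principles

  1. Team creation uses the wizard → done in the TUI
  2. Press Enter to auto-fill IDs → avoids problems with Chinese text
  3. Feishu configuration is completed in the TUI → not with commands
  4. Private Skills are created through Feishu → the chief assistant assigns the task
  5. If activation fails, offer an alternative → Douyin (抖音) 1594204110 to obtain a test code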
