ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Admin

v1.0.0

Manage and inspect the OpenClaw multi-agent gateway — list agents, check model health, view routing rules, manage crons, inspect context budgets, and run sys...

0· 305·3 current·3 all-time
by@atiati82

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for atiati82/openclaw-admin.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Openclaw Admin" (atiati82/openclaw-admin) from ClawHub.
Skill page: https://clawhub.ai/atiati82/openclaw-admin
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-admin

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-admin
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a gateway admin tool and its commands (reading openclaw.json, routing/crons/triggers, listing agents, checking Ollama models) are consistent with that purpose. However the registry metadata declares no required binaries or env vars while the SKILL.md repeatedly invokes python3, bash, npx, and ollama — those are effectively required but not declared, which is a mismatch.
!
Instruction Scope
The instructions instruct the agent to read multiple config files (../openclaw.json, config/*.json) which is expected, but path handling is ambiguous (SKILL.md gives contradictory locations for openclaw.json such as ../openclaw.json and ../../openclaw.json). The skill also tells the agent to run 'bash ./status.sh' (an arbitrary script in the repo) and to run 'npx thepopebot' for a restart — executing those could run any code. There are no steps that exfiltrate data externally, but running unknown scripts is a real risk.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing will be written to disk by an installer. That minimizes install-time risk.
Credentials
The skill declares no required environment variables or credentials (reasonable for a local admin helper). However it references executables (python3, ollama, npx, bash) and file paths outside the immediate skill directory (parent directories), which implies it needs filesystem and runtime access that was not documented in metadata. Access to parent directories could expose unrelated sensitive files if run with broader privileges.
Persistence & Privilege
always is false and the skill does not request persistent presence or attempt to modify other skills or system-wide agent settings. It does recommend running npx thepopebot to restart/hot-reload, but that is an operational instruction rather than a capability the skill itself claims.
What to consider before installing
Before installing or invoking this skill: 1) Inspect the SKILL.md yourself and confirm the exact path to openclaw.json (the file location is inconsistent in the document). 2) Be aware the skill expects to run python3, bash, npx, and possibly ollama even though the registry metadata lists no required binaries — ensure those tools are present and you trust them. 3) Do NOT run any commands that execute repository scripts (e.g., ./status.sh) until you open and review those scripts' contents; they can run arbitrary code. 4) Limit the skill's permissions or run it in a sandboxed environment if possible, because it reads parent directories and config files that may contain sensitive data. 5) If you plan to use this in production, ask the publisher to correct metadata (declare required binaries), clarify the canonical config path, and explain why jq is disallowed and python3 mandated. If you cannot verify these issues, treat the skill with caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk970mhk76msc725j6gjpbsd9ds834fwm
305downloads
0stars
1versions
Updated 1h ago
v1.0.0
MIT-0
@atiati82
latest
Download

OpenClaw Admin — Gateway Management Skill

Use this skill when you need to:

  • List or inspect active agents and their models
  • Check which Ollama models are running
  • View or modify routing rules, crons, or triggers
  • Inspect context budget allocations
  • Run gateway health diagnostics
  • Hot-reload the gateway after config changes

Config File Locations

FilePurpose
../openclaw.jsonMaster gateway config (agents, channels, scheduler, tools)
config/ROUTING.jsonDeterministic keyword → agent routing
config/CRONS.jsonScheduled jobs (heartbeat, reports)
config/TRIGGERS.jsonWebhook-triggered actions
config/CONTEXT_BUDGETS.jsonToken budgets per model
config/agents/*.mdAgent prompt files

Commands

List All OpenClaw Agents

cat ../openclaw.json | python3 -c "
import json, sys
data = json.load(sys.stdin)
agents = data.get('agents', {})
print(f'{'ID':<20} {'Role':<35} {'Model':<45} {'Provider':<12} {'Enabled'}')
print('-' * 130)
for aid, a in agents.items():
    enabled = '❌' if a.get('enabled') == False else '✅'
    print(f'{aid:<20} {a.get(\"role\",\"\"):<35} {a.get(\"model\",\"\"):<45} {a.get(\"provider\",\"\"):<12} {enabled}')
print(f'\nTotal: {len(agents)} agents')
"

Check Ollama Models Running

ollama list 2>/dev/null || echo "Ollama not running"

List Active Crons

cat config/CRONS.json | python3 -c "
import json, sys
crons = json.load(sys.stdin)
print(f'{'Name':<30} {'Schedule':<20} {'Enabled'}')
print('-' * 60)
for c in crons:
    enabled = '✅' if c.get('enabled', False) else '❌'
    print(f'{c[\"name\"]:<30} {c[\"schedule\"]:<20} {enabled}')
"

List Routing Rules

cat config/ROUTING.json | python3 -c "
import json, sys
data = json.load(sys.stdin)
routes = data.get('routes', [])
print(f'{'Route':<25} {'Primary Agent':<20} {'Keywords (first 5)'}')
print('-' * 80)
for r in routes:
    name = r.get('name', '')
    primary = r.get('agents', [''])[0] if r.get('agents') else ''
    keywords = ', '.join(r.get('keywords', [])[:5])
    print(f'{name:<25} {primary:<20} {keywords}')
print(f'\nTotal: {len(routes)} routes')
chains = data.get('chains', [])
if chains:
    print(f'\nChains: {len(chains)}')
    for c in chains:
        steps = ' → '.join(c.get('steps', []))
        print(f'  {c[\"name\"]}: {steps}')
"

View Context Budgets

cat config/CONTEXT_BUDGETS.json | python3 -c "
import json, sys
data = json.load(sys.stdin)
models = data.get('models', {})
print(f'{'Model':<50} {'Window':<12} {'Budget':<10} {'Slot'}')
print('-' * 100)
for m, v in models.items():
    print(f'{m:<50} {v[\"context_window\"]:<12} {v[\"budget\"]:<10} {v.get(\"_slot\",\"\")}')
"

List Active Triggers

cat config/TRIGGERS.json | python3 -c "
import json, sys
triggers = json.load(sys.stdin)
print(f'{'Name':<25} {'Watch Path':<20} {'Enabled'}')
print('-' * 55)
for t in triggers:
    enabled = '✅' if t.get('enabled', False) else '❌'
    print(f'{t[\"name\"]:<25} {t.get(\"watch_path\",\"\"):<20} {enabled}')
"

Gateway Health Check (Full)

bash ./status.sh

Check Scheduled Jobs in openclaw.json

cat ../openclaw.json | python3 -c "
import json, sys
data = json.load(sys.stdin)
jobs = data.get('plugins', {}).get('scheduler', {}).get('jobs', [])
print(f'{'Name':<30} {'Cron':<18} {'Timezone':<18} {'Enabled'}')
print('-' * 80)
for j in jobs:
    enabled = '❌' if j.get('enabled') == False else '✅'
    print(f'{j[\"name\"]:<30} {j[\"cron\"]:<18} {j.get(\"timezone\",\"\"):<18} {enabled}')
print(f'\nTotal: {len(jobs)} scheduled jobs')
"

Quick Agent Count Summary

echo "=== Agent Ecosystem Summary ==="
echo ""
echo "OpenClaw agents (openclaw.json):"
cat ../openclaw.json | python3 -c "import json,sys; d=json.load(sys.stdin); a=d['agents']; e=[k for k,v in a.items() if v.get('enabled')!=False]; print(f'  {len(e)} active / {len(a)} total')"
echo ""
echo "Routing agents (ROUTING.json):"
cat config/ROUTING.json | python3 -c "import json,sys; d=json.load(sys.stdin); print(f'  {len(d.get(\"routes\",[]))} routes, {len(d.get(\"chains\",[]))} chains')"
echo ""
echo "Crons (CRONS.json):"
cat config/CRONS.json | python3 -c "import json,sys; c=json.load(sys.stdin); e=[x for x in c if x.get('enabled')]; print(f'  {len(e)} active / {len(c)} total')"
echo ""
echo "Triggers (TRIGGERS.json):"
cat config/TRIGGERS.json | python3 -c "import json,sys; t=json.load(sys.stdin); e=[x for x in t if x.get('enabled')]; print(f'  {len(e)} active / {len(t)} total')"
echo ""
echo "Ollama models:"
ollama list 2>/dev/null | tail -n +2 | wc -l | xargs -I{} echo "  {} models loaded"
echo ""
echo "Skills:"
ls -d skills/*/ 2>/dev/null | wc -l | xargs -I{} echo "  {} skills installed"

Rules

  • Always use python3 -c for JSON parsing — never use jq (not guaranteed installed).
  • All config paths are relative to the clawdbot/ workspace root.
  • openclaw.json is one level up at ../../openclaw.json (relative to skill dir) or ../openclaw.json (relative to workspace).
  • Never modify openclaw.json without explicit user approval.
  • When reporting agent status, always distinguish between OpenClaw agents and ROUTING.json agents — they are separate systems.
  • After any config modification, remind the user to hot-reload: the gateway picks up changes on next request, or restart with npx thepopebot.

Comments

Loading comments...