ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Config Reference

v1.0.0

OpenClaw configuration reference for openclaw.json. Use when asked about config, configuration, gateway settings, channel setup, agent config, session manage...

2· 588·0 current·2 all-time
byDaniel Samer@yixn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (OpenClaw config reference) match the content: the SKILL.md and reference files are documentation for configuring the Gateway, channels, agents, sandbox, models, hooks, etc. There are no unrelated env vars, binaries, or install steps required.
Instruction Scope
The instructions include concrete shell commands and file paths (e.g., cp ~/.openclaw/openclaw.json, openclaw doctor, pkill -SIGUSR1 -f gateway, systemctl start docker) and describe handling of secrets (~/.openclaw/.env). This is expected for a config reference, but it means the skill's text can instruct an agent or a user to run potentially impactful local commands if followed literally.
Install Mechanism
No install spec and no code files; the skill is instruction-only so it doesn't download or install third-party code. This is the lowest-risk install profile.
Credentials
The skill does not request any environment variables or credentials, but the documentation references storing API keys and gateway tokens in ~/.openclaw/.env and discusses model provider keys. Those references are appropriate for a config reference, but they point to sensitive data locations the user should protect.
Persistence & Privilege
always is false, no install, and no behavior that modifies other skills or system-wide agent settings is declared. The skill does not request permanent privileges.
Assessment
This skill is documentation only and appears coherent for its stated purpose. It contains many explicit commands and file paths that, if executed, will modify local configuration, start/stop services, or reveal/store secrets. Before installing or allowing autonomous use: (1) treat it as read-only documentation — do not grant the skill permission to run shell commands or access your filesystem unless you explicitly trust and inspect each action; (2) don't enable features that let chat users modify config (e.g., commands.config: true or open DM policy) without strict access controls; (3) keep secrets out of openclaw.json and use ~/.openclaw/.env with strict permissions (chmod 600); (4) be cautious about enabling remote browser CDP URLs, webhooks, or binding the gateway to LAN without proper auth; and (5) verify the skill/source if you need higher assurance (homepage and owner are listed but source repository is not provided). If you want the agent to perform any of the documented commands, explicitly review and approve each command first.

Like a lobster shell, security has layers — review code before you run it.

latestvk974hdjkd0btht825x185tqxr181mkt8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments