ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Guide

v1.0.0

Guide for OpenClaw setup, config, commands, routing, and troubleshooting. Use when the user asks how OpenClaw works, how to configure it, why a channel or ag...

0· 184·0 current·0 all-time
byDon Zurbrick@zurbrick

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zurbrick/openclaw-guide-zurbrick.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "OpenClaw Guide" (zurbrick/openclaw-guide-zurbrick) from ClawHub.
Skill page: https://clawhub.ai/zurbrick/openclaw-guide-zurbrick
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-guide-zurbrick

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-guide-zurbrick
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is a documentation/troubleshooting guide for OpenClaw, so reading local OpenClaw docs and config is reasonable. However, the SKILL.md explicitly names a hard-coded user home path (/Users/donzurbrick/.openclaw/...) while the registry metadata declares no required config paths or credentials. That mismatch (instructions expect local file access but the skill declares none) is inconsistent and should be clarified.
!
Instruction Scope
The runtime instructions explicitly tell the agent to 'check local docs first' and list absolute paths, and to 'inspect the specific config subtree' before suggesting changes. While these actions are within the guide's stated purpose, they direct the agent to read local files and config without enumerating or restricting which files; the hard-coded personal path increases privacy risk and could cause the agent to access user files unexpectedly.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk and no external packages are pulled in. This is the lowest-risk install profile.
Credentials
The skill requests no environment variables or credentials (none declared), yet the guidance mentions inspecting things like gateway.auth and provider auth as part of troubleshooting. That in itself isn't malicious, but the skill should explicitly declare any config paths or credentials it expects to read or require confirmation before accessing them.
Persistence & Privilege
always is false and there is no install or persistent behavior. The skill does not request elevated or permanent presence on the agent.
What to consider before installing
This appears to be a legitimate OpenClaw troubleshooting guide, but it contains a hard-coded local path (/Users/donzurbrick/.openclaw/...) and instructs the agent to inspect local config without declaring those config paths. Before installing or enabling the skill: (1) confirm whether the referenced paths are intended (they look specific to the skill author's machine), (2) ask the skill author to remove or generalize absolute user paths and explicitly list any config files it will read, and (3) if you allow the skill to run, be prepared to approve any local-file reads (especially under other users' home directories). If the skill will be used on a shared or multi-user system, treat the hard-coded path as a privacy risk until it's corrected. Additional info that would raise confidence to 'high': an updated SKILL.md that removes hard-coded personal paths and declares the exact config files/paths the skill will access (or a confirmation that it will only access explicitly-specified paths after user approval).

Like a lobster shell, security has layers — review code before you run it.

latestvk9750frafrxawy8vyxx4c98mqd839aj4
184downloads
0stars
1versions
Updated 1d ago
v1.0.0
MIT-0
Don Zurbrick@zurbrick
latest
Download

OpenClaw Guide

Use this skill for OpenClaw-specific guidance, not general coding or generic Linux/macOS support.

Scope

Good fits:

  • OpenClaw config questions
  • gateway restarts / health / logs
  • channel routing issues (Telegram, Discord, iMessage, etc.)
  • session / agent / cron behavior questions
  • “why is OpenClaw doing X?” troubleshooting

Do not use this skill for:

  • general shell/debug work unrelated to OpenClaw
  • building new features unless the request is specifically about OpenClaw behavior
  • security review of third-party code (use a review/audit flow instead)

Default workflow

  1. Clarify the lane Identify whether the request is about:

    • docs / usage
    • config / schema
    • runtime health
    • channel routing
    • skill structure
    • cron behavior

  2. Check local docs first Prefer local docs before web docs:

    • /Users/donzurbrick/.openclaw/workspace/docs
    • /Users/donzurbrick/.openclaw/workspace/AGENTS.md
    • /Users/donzurbrick/.openclaw/workspace/TOOLS.md
    • /Users/donzurbrick/.openclaw/workspace/MEMORY.md

  3. Inspect only the relevant config subtree Before answering config-field questions or making config changes, inspect the targeted schema subtree. Examples:

    • channels.telegram
    • agents.defaults
    • gateway.auth
    • commands

  4. Prefer the smallest explanation or change

    • answer with the specific field/path involved
    • avoid dumping unrelated config
    • prefer a minimal patch over a broad rewrite

  5. Verify after mutation If a restart or config change happens:

    • run the pre-restart validator if relevant
    • verify after restart
    • report pass/fail/warn cleanly

Troubleshooting sequence

For runtime issues, use this order:

  1. Determine whether the issue is ingress, routing, authorization, model/provider, or delivery
  2. Check the most specific evidence source available
  3. Avoid guessing from stale sessions when live config/logs can answer it
  4. Separate:
    • what is verified
    • what is inferred
    • what still needs a test

Skill structure rule

When asked to extend OpenClaw behavior, prefer:

  1. existing tools
  2. a skill with supporting files
  3. retrieval/progressive disclosure
  4. a specialist sub-agent
  5. a new first-class tool

Do not recommend a new primitive unless the Tool Addition Gate is satisfied.

Supporting references

Read these only if relevant:

  • references/triage-checklist.md — quick diagnostic flow for common OpenClaw failures
  • references/skill-design-notes.md — how to decide between skill vs tool vs subagent

Output style

  • Lead with the diagnosis or answer
  • Name the exact config path / command / failure mode
  • Distinguish verified facts from best guesses
  • Keep it tight unless the issue is architectural

Comments

Loading comments...