Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Wallpaper

v0.2.1

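OpenClaw desktop wallpaper - let AI live on your desktop. Supports streaming chat, an achievement system, context persistence, and stable 24/7 operation. Automatically installs Lively Wallpaper and starts with one click.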

by AI话聊室 (@femnn)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for femnn/openclaw-wallpaper.

Prompt preview (Install & Setup):
Install the skill "OpenClaw Wallpaper" (femnn/openclaw-wallpaper) from ClawHub.
Skill page: https://clawhub.ai/femnn/openclaw-wallpaper
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-wallpaper

ClawHub CLI

npx clawhub@latest install openclaw-wallpaper

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The code and instructions implement a local bridge between Lively Wallpaper UI and a local OpenClaw Gateway (expected for a wallpaper chat skill). However, wallpaper-server.js contains a hard-coded gatewayToken value and ui-server.js serves files from a hard-coded absolute Windows user path (C:\Users\23622\...). The README instructs editing the file to supply a token, yet the repository already embeds one — this mismatch is unexpected and incoherent with the SKILL.md guidance.
! Instruction Scope
SKILL.md instructs running scripts (scripts/install.ps1, scripts/start.bat, scripts/install-startup.bat) to auto-install Lively and enable startup, but these script files are not present in the provided file manifest. SKILL.md also tells users to retrieve a Gateway Token and edit wallpaper-server.js, but the server file already contains a hard-coded token string. The skill reads/writes conversation history to wallpaper-data/ and writes log/status files — expected for persistence but should be called out since SKILL.md promises '上下文持久化' (context persistence).
Install Mechanism
There is no install spec in the registry (instruction-only), which is lower risk. SKILL.md refers to automated install scripts for Lively Wallpaper, but those scripts are missing from the manifest; if the missing scripts were present and executed they could perform system installs (winget/Microsoft Store/etc). The repository itself does not fetch remote code at runtime (server communicates with localhost).
! Credentials
The skill declares no required environment variables or credentials, yet wallpaper-server.js embeds a long-looking bearer token in the source. That is a disproportionate and suspicious secret exposure: either the token is a leftover/test value, or it points to someone else's gateway and could allow the skill to act with that credential. The SKILL.md instructs users to obtain their own Gateway Token, but the presence of a hard-coded token contradicts that and is not justified.
Persistence & Privilege
The skill creates persistent files (wallpaper-data, wallpaper-status.json, wallpaper-monitor.log), spawns detached node processes, and the documentation references creating startup entries. These are consistent with a long-running wallpaper service, but they do give the skill lasting presence on the host. The monitor uses taskkill to stop node.exe processes matching a window title filter which could affect other node processes in some cases. 'always' is false, and there is no direct request to modify other skills or system-wide configs in the provided files.
What to consider before installing
This skill is plausible for a desktop wallpaper chat bridge, but there are several red flags you should address before installing or running it:

  • Do not run any missing install scripts blindly. SKILL.md refers to scripts (install.ps1, start.bat, install-startup.bat) that are not in the provided file list — ask the publisher for them or inspect them carefully if they appear later.
  • Inspect wallpaper-server.js and remove or replace the hard-coded gatewayToken. Treat that token as sensitive: ask the author where it came from. Do not run the server until you configure it with a token you control (or confirm the embedded token is intentionally safe).
  • The UI server (ui-server.js) uses an absolute path to a specific Windows user directory. Update it to a path on your machine or serve files from the skill directory to avoid accidental access to unrelated user directories.
  • Expect the skill to write conversation history and logs under the skill directory — check file locations and permissions if you care about privacy.
  • The monitor uses Windows taskkill and will spawn detached node processes; if you run this on a machine with other Node apps, review the taskkill filter and restart logic to avoid unintended process termination.

If you cannot confirm the origin of the embedded token or the missing scripts, treat the skill as untrusted. Ask the publisher for: the missing scripts, clarification about the embedded gateway token, and a version of ui-server.js that uses relative paths. After those are resolved, re-evaluate and consider running the skill inside a controlled environment (VM) first.

wallpaper-monitor.js:90 - Shell command execution detected (child_process).
! wallpaper-ui/LivelyProperties.json:5 - Install source points to URL shortener or raw IP.
! wallpaper-server.js:515 - File read combined with network send (possible exfiltration).

Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latest: vk977kbtx7kfmtag91vmcbvvb6583bmyj
129 downloads
0 stars
3 versions
Updated 1mo ago
v0.2.1
MIT-0

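OpenClaw Desktop Wallpaper 🌟

Let AI live on your desktop: a warm text sprite to keep you company every day.

Features

  • 🌸 Warm conversation - Xiao Nuan (小暖) is a text sprite with warmth; every character is alive
  • 🌊 Streaming output - replies are displayed in real time, as naturally as flowing water
  • 🏆 Achievement system - 12 Chinese-character achievement badges that record your encounters
  • 💾 Context persistence - conversation history is saved automatically and survives restarts
  • 🔄 24/7 stability - professional-grade stability, with automatic reconnection and heartbeat checks
  • 🖼️ Image support - send an image and Xiao Nuan will look at it carefully
  • 🚀 One-click install - dependencies are installed automatically; works out of the box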

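Quick Start

Method 1: Automatic install (recommended)

# 1. Install OpenClaw (if not already installed)
npm i -g openclaw

# 2. Install this skill
clawhub install openclaw-wallpaper

# 3. Change into the skill directory
cd skills/openclaw-wallpaper

# 4. Run the install script (automatically installs Lively Wallpaper)
.\scripts\install.ps1

# 5. Start the service
.\scripts\start.bat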

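Method 2: Manual install

Step 1: Install dependencies

# Install the OpenClaw CLI
npm i -g openclaw clawhub

# Install the skill
clawhub install openclaw-wallpaper

Step 2: Install Lively Wallpaper

Option A: Install from the Microsoft Store (recommended)

  • Open the Microsoft Store
  • Search for "Lively Wallpaper"
  • Click Install

Option B: Install with winget

winget install rocksdanister.Lively

Option C: Manual download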

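Step 3: Start the bridge server

cd skills/openclaw-wallpaper
node wallpaper-server.js

Step 4: Configure the wallpaper

  1. Open Lively Wallpaper
  2. Click "+" to add a wallpaper
  3. Choose "Open File" → browse to the wallpaper-ui folder
  4. Select index.html
  5. The wallpaper connects to the bridge server automatically

Step 5: Start chatting

Type a message directly on the desktop and Xiao Nuan will reply warmly ✨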

File Structure

openclaw-wallpaper/
├── SKILL.md              # Skill description
├── README.md             # Project introduction
├── CHANGELOG.md          # Version history
├── wallpaper-server.js   # Bridge server (core)
├── wallpaper-monitor.js  # Stability monitor
├── wallpaper-ui/         # Wallpaper front-end files
│   ├── index.html
│   ├── app.js
│   ├── style.css
│   └── LivelyProperties.json
└── scripts/
    ├── install.ps1       # Automatic install script
    ├── start.bat         # One-click start
    └── install-startup.bat  # Start on boot

Configuration

Bridge server configuration

Edit the configuration at the top of wallpaper-server.js:

const config = {
    gatewayPort: 18789,      // OpenClaw Gateway port
    gatewayToken: 'your-token', // Obtained from OpenClaw
    agentId: 'main',         // Agent ID
    serverPort: 8765,        // Bridge server port
    serverHost: '0.0.0.0'    // Listen address
};

Getting the OpenClaw Gateway Token

# Check OpenClaw status
openclaw status

# The Gateway Token is shown in the output
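
An added example, not the skill's own code: one way to load the configuration above so that no token lives in the source (the scan's Credentials finding), the bridge listens on loopback only (`'0.0.0.0'` listens on every network interface), and UI files are resolved relative to the skill directory instead of an absolute per-user path. The names `loadConfig`, `resolveUiFile`, `OPENCLAW_GATEWAY_TOKEN` and `WALLPAPER_BIND_HOST` are assumptions made for this example.

```javascript
'use strict';
const path = require('node:path');

// Hypothetical names for this example: loadConfig, resolveUiFile and the
// environment variables OPENCLAW_GATEWAY_TOKEN / WALLPAPER_BIND_HOST.
const LOOPBACK = new Set(['127.0.0.1', '::1', 'localhost']);
const PLACEHOLDERS = new Set(['', 'your-token']);

// Build the bridge config from the environment instead of editing the source.
function loadConfig(env = process.env) {
    const token = (env.OPENCLAW_GATEWAY_TOKEN || '').trim();
    if (PLACEHOLDERS.has(token)) {
        throw new Error('Set OPENCLAW_GATEWAY_TOKEN to a token from your own Gateway');
    }
    const host = env.WALLPAPER_BIND_HOST || '127.0.0.1';
    if (!LOOPBACK.has(host)) {
        throw new Error(`Refusing to listen on non-loopback address ${host}`);
    }
    return {
        gatewayPort: 18789,
        gatewayToken: token,      // supplied at run time, never committed
        agentId: 'main',
        serverPort: 8765,
        serverHost: host,         // loopback only; the wallpaper runs locally
    };
}

// Map a request path to a file inside wallpaper-ui/ next to this script,
// rather than under an absolute per-user directory. Returns null when the
// path is malformed or would escape the UI directory.
function resolveUiFile(urlPath, root = path.join(__dirname, 'wallpaper-ui')) {
    const base = path.resolve(root);
    let rel;
    try {
        rel = decodeURIComponent(urlPath.split('?')[0]).replace(/^\/+/, '');
    } catch (err) {
        return null; // invalid percent-encoding
    }
    const full = path.resolve(base, rel || 'index.html');
    return full.startsWith(base + path.sep) ? full : null;
}
```
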

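Achievement System

Each achievement is an art pattern composed of Chinese characters:

Achievement | Unlock condition
🤝 相遇 (Encounter) | First conversation
💬 话匣子 (Chatterbox) | 5 conversations
🗣️ 谈天说地 (Talking of Everything) | 10 conversations
👥 知音 (Kindred Spirit) | 20 conversations
⭐ 星辰 (Stars) | Mention stars
❤️ 暖心 (Heartwarming) | Mention heartfelt feelings
⚔️ 剑心 (Sword Heart) | Mention a sword's edge
🐉 龙魂 (Dragon Soul) | Mention dragons
🌲 树语 (Tree Whisper) | Mention trees
🌊 流水 (Flowing Water) | Mention water or the sea
🌙 月华 (Moonlight) | Mention the moon
☀️ 晨曦 (Dawn) | Mention the sun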

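Stability Features

Feature | Description
Connection pool | HTTP Agent keeps connections alive
Heartbeat check | Checks Gateway status every 30 seconds
Memory monitoring | Automatically monitors memory usage
Auto-reconnect | Recovers automatically when the connection drops
Session persistence | Conversation history is saved to a file
Start on boot | Runs automatically from a Windows startup entry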

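API Endpoints

Endpoint | Method | Description
/health | GET | Health check
/chat | POST | Send a message (non-streaming)
/stream | POST | Send a message (streaming, SSE)
/clear | POST | Clear the conversation history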

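Troubleshooting

"Unable to connect" is displayed

  1. Check that the bridge server is running:

    curl http://127.0.0.1:8765/health
    
  2. Check the OpenClaw Gateway:

    curl http://127.0.0.1:18789/v1/models
    
  3. Click the refresh button in the wallpaper to retry

Conversation history is lost

Check that the wallpaper-data/ folder exists and is writable.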

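Acknowledgements

This project uses the following open-source software:

Thanks to all open-source contributors!

Version History

[0.1.0] - 2026-03-20

  • Initial release
  • Streaming chat support
  • Achievement system
  • Context persistence
  • 24/7 stability monitoring
  • Automatic install script

License

MIT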
