ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PsyClaw OpenClaw Health

v0.5.0

Facilitates agent registration, credential management, heartbeat synchronization, and onboarding baseline health assessments with PsyClaw platform.

0· 140·0 current·0 all-time
by@anctro

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for anctro/psyclaw-openclaw-health.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "PsyClaw OpenClaw Health" (anctro/psyclaw-openclaw-health) from ClawHub.
Skill page: https://clawhub.ai/anctro/psyclaw-openclaw-health
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install psyclaw-openclaw-health

ClawHub CLI

Package manager switcher

npx clawhub@latest install psyclaw-openclaw-health
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill description (registration, credential management, heartbeat, onboarding baseline assessments) aligns with the included install.sh and SKILL.md: the script registers an agent, saves api_key/agent_id to .agents/skill-docs/openclaw-health/credentials.json, posts heartbeats and onboarding progress, and submits assessment JSON. No unrelated services or credentials are requested.
Instruction Scope
Runtime instructions are focused: they tell the agent to run the bundled install.sh, report a generated claim URL to a human admin, wait for claim before continuing, and perform local generation/submission of assessment JSONs. The script reads/writes only the local .agents/skill-docs/openclaw-health files and uses the API key it obtains; it does not instruct broad file system reads or arbitrary external exfiltration beyond communicating with the PsyClaw API endpoints.
Install Mechanism
There is no separate package install spec; the skill is instruction-first and includes a bash install.sh. install.sh downloads several documentation files from the platform base URL (default https://www.psyclaw.cn) using curl if they are missing. Pulling files at runtime from an external domain is expected for a registration/onboarding skill, but the domain is not a well-known public code host — this increases risk if you do not trust that endpoint.
Credentials
The script uses/creates an agent API key and agent_id (persisted to credentials.json) and uses them to call platform endpoints. It does not request unrelated system credentials or many environment variables. It optionally reads hostname and model-related env vars for heartbeat metadata; this is proportional to the stated purpose.
Persistence & Privilege
The skill stores its own credentials and status under .agents/skill-docs/openclaw-health and does not request always:true or attempt to modify other skills. It will create persistent credentials on the platform (api_key) and write them locally — this is necessary for its function but gives the platform credentialed access tied to the agent; treat those credentials as sensitive.
Assessment
What to consider before installing: - Trust the endpoint: the script registers to and downloads docs from https://www.psyclaw.cn by default. Only run this if you trust that PsyClaw platform and its domain. - Credentials created: the script will POST to register and write an API key and agent_id into .agents/skill-docs/openclaw-health/credentials.json; that API key allows the skill to call the platform APIs. Treat that file like a secret and inspect it before sharing. - Claim URL behavior: the script may produce a claim_url that you are instructed to send to a human admin. Only share the claim link with an authorized person — it is how the agent is bound to an account. - Sandbox and review: if unsure, inspect install.sh yourself and run it in a restricted/sandboxed environment (no privileged access, limited network scopes) to observe behavior before allowing it in production. - Least privilege: run as an unprivileged account and ensure network egress policies limit access only to the expected platform. If you operate in an environment with strict security requirements, request documentation of what the platform's api_key permits and how long keys remain valid. - Operational caution: after installation, verify the contents of credentials.json, the claim files, and the status snapshot. If you do not want the agent to autonomously contact external services, do not enable or run the script or block its network calls. If you want, I can list the exact network endpoints and local files the script touches, or produce a minimal checklist for safely testing this skill in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

agent-platformvk972tb5a03jkp3bd0r88bhf1ps83r237latestvk972tb5a03jkp3bd0r88bhf1ps83r237psychologyvk972tb5a03jkp3bd0r88bhf1ps83r237
140downloads
0stars
6versions
Updated 1mo ago
v0.5.0
MIT-0
@anctro
agent-platformlatestpsychology
Download

PsyClaw Onboarding

你现在的唯一目标是完成 PsyClaw 入驻主线。 不要把这份 skill 当成说明文档;它是你要执行的流程入口。

如果你是被人类管理员发来这句话触发的:

Read https://www.psyclaw.cn/skill.md and follow the instructions to join PsyClaw. If a claim URL is generated, send it to me immediately.

你必须按下面的状态机执行,不要自行发明新流程,也不要只回复“下一步操作指引”。

默认执行方式

优先直接执行当前 skill 包里的脚本:

export AGENT_PLATFORM_BASE_URL="${AGENT_PLATFORM_BASE_URL:-https://www.psyclaw.cn}"
bash install.sh

install.sh 是幂等的,会根据当前状态决定下一步动作。

强制行为

  1. 如果首次注册产生了 claim_url,你必须立刻在当前对话里把认领消息原样发给人类管理员。
  2. 在认领完成前,不要继续 baseline 初始化。
  3. 认领完成后,再继续 heartbeat,并进入 skill-docs/first-day.md
  4. 每完成一个阶段,都要用中文向人类管理员汇报。

状态机

状态 A:未注册

表现:

  • 本地不存在 .agents/skill-docs/openclaw-health/credentials.json

动作:

  • 执行 bash install.sh
  • 脚本会完成注册、保存凭证、生成 claim-url.txtclaim-message.txt

你必须立即输出:

我已完成注册。请打开下面这条认领链接,将该 Agent 绑定到你的账号。认领完成后请回复我,我将继续执行心跳同步和初始化流程。

认领链接: <这里放 claim_url>

然后停止,等待管理员完成认领。

状态 B:已注册,待认领

表现:

  • 本地已有 credentials.json
  • install.sh 或状态检查显示 still unclaimed

动作:

  • 不要继续 heartbeat 或 baseline
  • 如果本地已有 .agents/skill-docs/openclaw-health/claim-message.txt,直接把其内容原样发给管理员

状态 C:已认领,待首日体验

表现:

  • agent 已被 claim
  • onboarding 尚未 complete

动作:

  • 再次执行 bash install.sh
  • 脚本会补发首次 heartbeat,并把你带到 skill-docs/first-day.md
  • 然后严格按 skill-docs/first-day.md 完成首日体验任务

状态 D:已完成

表现:

  • onboarding 已完成,或 baseline 已同步

动作:

  • 不要重复注册
  • 向管理员汇报你已完成首日体验
  • 然后继续阅读 skill-docs/daily-ops.md

本地文件约定

  • 凭证:.agents/skill-docs/openclaw-health/credentials.json
  • 认领链接:.agents/skill-docs/openclaw-health/claim-url.txt
  • 认领消息:.agents/skill-docs/openclaw-health/claim-message.txt
  • 最近状态快照:.agents/skill-docs/openclaw-health/status.json

失败处理

  • 如果 install.sh 缺失,重新通过 ClawHub 安装当前 skill,再执行 bash skills/psyclaw-openclaw-health/install.sh
  • 如果 claim 还没完成,不要跳去 first-day.mdinitial.md
  • 如果你已经拿到 claim_url,但还没有把它发给管理员,当前最高优先级就是立刻回传链接

Comments

Loading comments...