ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

安全配置流程

v1.0.0

安全修改 OpenClaw 配置,先查文档和验证,确认后自动修复并反馈,记录教训,确保 Gateway 正常运行。

1· 408·4 current·4 all-time
by@nicoxia
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actions in SKILL.md: it operates on ~/.openclaw/openclaw.json, uses the openclaw CLI (doctor, gateway, logs), and documents fixes. No unrelated environment variables, binaries, or install steps are requested.
Instruction Scope
Runtime instructions stay within the declared purpose (checking, auto-fixing, diffing, backing up, logging lessons). The flow requires explicit user confirmation before running 'openclaw doctor --fix', but the SKILL.md relies on procedural discipline rather than an enforced guard — confirm that any integration actually prompts the user. Also note MEMORY.md may end up storing configuration values; sensitive secrets should be redacted before recording.
Install Mechanism
Instruction-only skill with no install spec or downloaded artifacts. This is the lowest-risk install footprint.
Credentials
No environment variables, credentials, or external endpoints are requested. Actions are limited to local config paths (~/.openclaw/*) which are appropriate for a config-management skill.
Persistence & Privilege
always is false and model invocation is normal. The skill suggests writing its own MEMORY.md but does not request modifying other skills or system-wide settings. No elevated persistence is requested.
Assessment
This skill appears coherent and focused on safely editing OpenClaw configuration, but before installing: 1) Ensure the agent integration actually requires and enforces explicit user confirmation before running 'openclaw doctor --fix' (or run doctor without --fix to preview changes). 2) Keep backups (the SKILL.md already recommends this). 3) Review diffs produced by the skill before accepting changes. 4) Be careful when recording lessons to MEMORY.md — redact any secrets or tokens from saved notes. 5) If you are uncomfortable with automatic fixes, run the diagnostic steps manually or ask the agent to output a proposed patch instead of applying it automatically.

Like a lobster shell, security has layers — review code before you run it.

chinesevk97f86day6dt08abd6tt8x6rsd81wzh9configvk97f86day6dt08abd6tt8x6rsd81wzh9latestvk97f86day6dt08abd6tt8x6rsd81wzh9safetyvk97f86day6dt08abd6tt8x6rsd81wzh9workflowvk97f86day6dt08abd6tt8x6rsd81wzh9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments