Skill

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly a disclosed OpenClaw configuration framework, but it can overwrite persistent agent/memory files and add a recurring cron trigger without clear backup or opt-in controls.

Install only after backing up your existing ~/.openclaw/workspace files. Review the prompt templates before making them auto-loaded, avoid the curl-to-bash install path unless pinned and inspected, and remove or opt out of the cron entry if you do not want recurring background triggers.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user follows this command, remote code can run locally and change their OpenClaw workspace and cron configuration.

Why it was flagged

The documented manual install path runs a mutable script from the master branch directly through bash, so the executed code could differ from the reviewed artifact.

Skill content

curl -fsSL https://raw.githubusercontent.com/useens/moltcare-open/master/skill/scripts/install.sh | bash

Recommendation

Prefer the reviewed ClawHub package or a pinned commit; inspect the script before running it and avoid piping remote scripts directly to bash.

What this means

Existing agent rules, user profile data, or long-term memories could be overwritten, changing future agent behavior or causing local configuration/data loss.

Why it was flagged

The installer unconditionally copies core templates into the root OpenClaw workspace, where they are used as persistent agent instructions and memory, without checking for existing files or making backups.

Skill content

cp "${ASSETS_DIR}/AGENTS.md" "${WORKSPACE}/"
cp "${ASSETS_DIR}/SOUL.md" "${WORKSPACE}/"
cp "${ASSETS_DIR}/USER.md" "${WORKSPACE}/"
cp "${ASSETS_DIR}/MEMORY.md" "${WORKSPACE}/"

Recommendation

Back up existing workspace files, review diffs before overwriting, and update the installer to prompt, create backups, or use non-destructive copy behavior.

What this means

A scheduled task will persist after installation and write a trigger file every week, which may unexpectedly influence future agent sessions.

Why it was flagged

The installer describes the cron setup as optional but adds the recurring crontab entry automatically without asking the user.

Skill content

echo "⏰ Configuring weekly token audit (optional)..."
if ! crontab -l 2>/dev/null | grep -q "检查token优化"; then
    (crontab -l 2>/dev/null; echo "0 3 * * 1 cd ${WORKSPACE} && echo '检查token优化' >> ${WORKSPACE}/.audit-trigger 2>&1") | crontab -

Recommendation

Make cron setup explicitly opt-in, show the exact cron entry before installation, and provide a clear uninstall command.

What this means

The agent may become more proactive and persistent than expected, including using tools before asking clarifying questions.

Why it was flagged

The installed prompt changes the agent's stopping behavior and encourages tool use before asking the user, although other parts of the same file include safety boundaries for irreversible and sensitive actions.

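Skill content

Before all options have been exhausted, saying "cannot be solved" is forbidden ... First investigate with tools, then ask the user to confirm

Recommendation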

Review and edit SOUL.md/AGENTS.md so the agent's autonomy level matches your comfort level, especially for file changes, external actions, and long-running troubleshooting.

What this means

User preferences, constraints, and task details may persist across sessions and influence later agent behavior.

Why it was flagged

The framework intentionally creates persistent memory records from task evaluations and may update long-term memory automatically.

Skill content

≥2 items | write to memory/YYYY-MM-DD.md
≥3 items | also update MEMORY.md

Recommendation

Periodically review the memory files, avoid storing sensitive information, and require confirmation before saving private or high-impact memories.