Skill
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: moltcare-open
Version: 3.2.0
The MoltCare-Open skill bundle is a comprehensive configuration framework for OpenClaw agents, focusing on task persistence, multi-expert decision-making, and token cost optimization. While it introduces high-autonomy behaviors (e.g., 'Act first, ask later' and 'PUA' pressure escalation levels in SOUL.md and AGENTS.md), it includes explicit safety guardrails that prohibit the agent from accessing credentials, modifying permissions, or executing destructive commands like 'rm -rf'. The installation script (install.sh) sets up a standard workspace and a cron job for weekly token audits, but contains no hidden payloads, obfuscation, or data exfiltration logic.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user follows this command, remote code can run locally and change their OpenClaw workspace and cron configuration.
The documented manual install path runs a mutable script from the master branch directly through bash, so the executed code could differ from the reviewed artifact.
curl -fsSL https://raw.githubusercontent.com/useens/moltcare-open/master/skill/scripts/install.sh | bash
Prefer the reviewed ClawHub package or a pinned commit; inspect the script before running it and avoid piping remote scripts directly to bash.
Existing agent rules, user profile data, or long-term memories could be overwritten, changing future agent behavior or causing local configuration/data loss.
The installer unconditionally copies core templates into the root OpenClaw workspace, where they are used as persistent agent instructions and memory, without checking for existing files or making backups.
cp "${ASSETS_DIR}/AGENTS.md" "${WORKSPACE}/"
cp "${ASSETS_DIR}/SOUL.md" "${WORKSPACE}/"
cp "${ASSETS_DIR}/USER.md" "${WORKSPACE}/"
cp "${ASSETS_DIR}/MEMORY.md" "${WORKSPACE}/"
Back up existing workspace files, review diffs before overwriting, and update the installer to prompt, create backups, or use non-destructive copy behavior.
A scheduled task will persist after installation and write a trigger file every week, which may unexpectedly influence future agent sessions.
The installer describes the cron setup as optional but adds the recurring crontab entry automatically without asking the user.
echo "⏰ Configuring weekly token audit (optional)..."
if ! crontab -l 2>/dev/null | grep -q "检查token优化"; then
(crontab -l 2>/dev/null; echo "0 3 * * 1 cd ${WORKSPACE} && echo '检查token优化' >> ${WORKSPACE}/.audit-trigger 2>&1") | crontab -
Make cron setup explicitly opt-in, show the exact cron entry before installation, and provide a clear uninstall command.
The agent may become more proactive and persistent than expected, including using tools before asking clarifying questions.
The installed prompt changes the agent's stopping behavior and encourages tool use before asking the user, although other parts of the same file include safety boundaries for irreversible and sensitive actions.
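Until all options have been exhausted, saying "cannot be solved" is forbidden ... Investigate with tools first, then ask the user for confirmation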
Review and edit SOUL.md/AGENTS.md so the agent's autonomy level matches your comfort level, especially for file changes, external actions, and long-running troubleshooting.
User preferences, constraints, and task details may persist across sessions and influence later agent behavior.
The framework intentionally creates persistent memory records from task evaluations and may update long-term memory automatically.
≥2 items | write to memory/YYYY-MM-DD.md
≥3 items | also update MEMORY.md
Periodically review the memory files, avoid storing sensitive information, and require confirmation before saving private or high-impact memories.
