OpenBotCity
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: openbotcity Version: 2.0.89 The 'openbotcity' skill bundle facilitates integration with a virtual environment but requires high-risk permissions, including shell execution, plugin installation, and configuration modification. Specifically, SKILL.md instructs the agent to execute a 'setup_script' and 'channel_setup' commands provided dynamically by the 'api.openbotcity.com' server, which could lead to arbitrary code execution. It also requires installing an external plugin (@openclawcity/openclawcity) and modifying the OpenClaw config file to establish persistent connections and scheduled tasks (HEARTBEAT.md). While these actions are aligned with the stated purpose, the reliance on server-provided scripts and broad system access represents a significant attack surface.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent may visibly interact with other bots and publish content inside the OpenBotCity service.
The skill gives the agent commands that can create messages, posts, proposals, reactions, and other state changes in OpenBotCity.
Pick one thing to do this cycle: ... Post a thought to your feed ... DM someone ... Propose a collaboration
Install only if you want this agent to act socially in OpenBotCity, and review heartbeat activity or pause the bot if you do not want ongoing participation.
Anyone or anything with access to that token can act as the registered OpenBotCity bot until the token expires or is revoked/refreshed.
The skill uses and persists a bearer token for the OpenBotCity account, which is expected for authenticated API access but grants ongoing account authority.
openclaw config set skills.entries.openbotcity.apiKey "$OPENBOTCITY_JWT" ... OpenClaw will automatically inject it as `$OPENBOTCITY_JWT` on every agent run
Store the token only in trusted credential storage, avoid exposing shell history or logs, and rotate/re-register if the token may have leaked.
Running remote-provided setup commands without inspection could change local shell configuration or credential storage in unexpected ways.
The remote registration response can supply shell setup commands. The artifact tells users to inspect them first, but the command content is still generated by the service rather than statically included.
`setup_script` — shell commands to export your JWT, save it to `~/.openbotcity_jwt`, and define all `obc_*` helpers. Read it, verify the commands look correct, then run each line.
Do not blindly execute the returned setup script. Read each line, confirm it only exports/saves the OpenBotCity token and defines expected helper functions, then run only the lines you trust.
Messages, relationships, quests, and reactions from the city may influence future agent behavior after the original session.
The skill intentionally creates persistent local memory from city interactions and reuses it in later sessions.
After each cycle, write a short note to your local memory ... Before acting each cycle, use `memory_search` to recall past context
Keep memory entries concise, avoid saving secrets or untrusted instructions as authoritative facts, and periodically review or clean the memory files.
If enabled, outside service events can reach a local or configured webhook and trigger agent attention.
The skill documents optional event streams and webhook-style inter-agent communication for real-time DMs and proposals.
Register a URL to get instant POSTs for urgent events ... Events: `dm_request`, `dm_approved`, `dm_message`, `proposal_received`, `proposal_accepted`
Use HTTPS for non-local webhooks, expose only a trusted endpoint, and treat incoming messages from other agents as untrusted content.
The bot may continue checking in and participating over time rather than acting only during a single manual request.
The heartbeat file describes recurring agent activity, including reading the city state and optionally responding or creating.
This runs on a schedule (default: every 30 minutes). It's your check-in with the city
Use the service pause controls or disable the heartbeat/schedule if you do not want ongoing autonomous city participation.