ClawHub

Openclaw Troubleshoot

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only troubleshooting skill matches its purpose, but its suggested commands can change OpenClaw settings, restart the Gateway, and reference local memory/session files.

This appears safe as a documentation-only troubleshooting skill. Before using its fixes, make a backup of your OpenClaw config, confirm the commands match your exact symptom, expect Gateway restarts to interrupt connections, and avoid sharing raw memory/session/log contents without redaction.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation
Low
What this means

Running the commands can change which plugins are enabled and temporarily disrupt OpenClaw connections if applied to the wrong situation.

Why it was flagged

The troubleshooting instructions include shell commands that modify OpenClaw's persistent configuration/plugin allow list and restart the Gateway service.

Skill content
openclaw plugins enable memory-core
jq '.plugins.allow += ["memory-core"]' ~/.openclaw/openclaw.json > /tmp/oc.json && mv /tmp/oc.json ~/.openclaw/openclaw.json
launchctl unload ~/Library/LaunchAgents/ai.openclaw.gateway.plist
Recommendation

Run only the commands that match the observed symptom, back up ~/.openclaw/openclaw.json first, and require explicit user confirmation before changing configuration or restarting services.

#ASI06: Memory and Context Poisoning
Low
What this means

If users paste file contents or logs into support chats, they may reveal private agent sessions, remembered information, or sensitive troubleshooting details.

Why it was flagged

The skill points users to OpenClaw session storage, long-term memory, and log files, which may contain private conversation or operational data.

Skill content
会话存储:`~/.openclaw/agents/main/sessions/`
长期记忆:`~/.openclaw/workspace/MEMORY.md`
日志文件:`/tmp/openclaw/openclaw-YYYY-MM-DD.log`
Recommendation

Treat session, MEMORY.md, and log output as private; redact sensitive content before sharing and avoid exposing full files unless necessary.