OpenClaw Ops Guardrails
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed on the wrong gateway or node, a device or command runner could gain broad ongoing access without normal approval prompts.
These instructions can lower approval requirements to full/no-prompt mode and approve a device without clearly requiring identity verification, scoping, expiry, or rollback.
需要无审批放行时,设置:`security=full, ask=off, askFallback=full` ... `openclaw devices approve --latest`
Require explicit administrator confirmation before these steps, verify the exact node/device identity, scope any approval bypass to a short maintenance window, and document how to restore approval settings afterward.
The agent may run small commands on a selected node during troubleshooting.
The skill explicitly uses remote command execution as a validation step. This is disclosed and aligned with operations troubleshooting, but it still acts on target devices.
目标设备执行一条最小命令(echo/date/whoami)
Use it only on intended nodes and require confirmation before running anything beyond harmless validation commands.
An active tunnel or related process could be stopped during troubleshooting.
The playbook may terminate an existing tunnel process. This is a normal remediation for port conflicts, but can disrupt active sessions if the PID is wrong.
复用已有 tunnel 或 kill 旧隧道 PID
Confirm the `lsof` result and the process owner before killing any PID.