Openclaw Automation Guide
PassAudited by ClawScan on May 10, 2026.
Overview
This is an instruction-only automation guide with no code or credentials, but its examples include persistent scheduled tasks and cross-platform automations that users should scope carefully.
This skill appears safe as a documentation-only automation guide. If you copy its examples into your OpenClaw configuration, review each task carefully, especially scheduled publishing, email sending, payment-related webhooks, file processing, and message forwarding.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied into a real configuration, tasks may run on a schedule without further prompting.
The guide shows enabled scheduled automation, including a daily content publishing task. This is disclosed and purpose-aligned, but it is persistent autonomous behavior if a user implements it.
cron: ... content_publish: enabled: true ... schedule: "0 9 * * *" ... task: "publish_content"
Only enable automations you intend to keep running, review logs, and use the documented disable command or equivalent controls when no longer needed.
A user who turns these examples into real workflows could accidentally send messages, publish content, or process actions without manual review.
The guide includes automated actions that can have external side effects, such as sending email. The behavior is only documented as an example, not implemented by the skill.
action: - generate_weekly_report - send_email
Add confirmation steps, dry-run modes, rate limits, and clear rollback procedures before using automation for public posting, payments, email, or other high-impact actions.
Messages from one platform could be copied to another platform with different privacy, retention, or audience expectations.
The guide shows message forwarding between different communication platforms. This is consistent with automation guidance, but it creates a potential data-boundary issue if used with private or sensitive messages.
automation: forward: ... source: telegram ... target: discord ... source: wechat ... target: slack
Before enabling forwarding, restrict sources and destinations, exclude sensitive channels, and make sure users of the source channel understand where messages may be sent.