Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Rescue Instances
v1.0.0
One-click creation and management of fully isolated OpenClaw rescue Gateway instances, with automatic port allocation and batch creation.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious · medium confidence
Purpose & Capability
The declared purpose (create isolated rescue Gateway instances) matches the scripts' behavior: creating directories, copying openclaw.json, adjusting ports, creating LaunchAgents and starting services. However the implementation is macOS-specific (launchctl, ~/Library/LaunchAgents, sed -i ''), while the skill metadata declares no OS restriction. Also the generated plist hardcodes user-specific PATH and HOME values (e.g., /Users/zhuobao) and a specific Node installation path; these are not justified by the high-level description and will likely fail or behave unexpectedly on other systems.
Instruction Scope
The runtime instructions and included scripts read and copy the user's existing ~/.openclaw/openclaw.json into each rescue instance. That file can contain credentials, API keys, and other sensitive configuration; the scripts do not comprehensively sanitize or remove secrets (they disable wecom and clear plugin sections in a limited way). The scripts also create persistent system services (LaunchAgents) and change system state (load/unload plists, rm -rf of instance dirs). These actions are within the apparent purpose but involve reading and duplicating potentially sensitive local files without explicit user confirmation in the scripts themselves.
Install Mechanism
This is an instruction-only skill with shell scripts included; there is no external installer, no downloads, and nothing written to disk by an automated installer step beyond the script actions. No remote code fetch URLs or archive extracts were seen.
Credentials
The skill declares no required environment variables or credentials, yet the scripts duplicate the user's existing openclaw configuration (and therefore any embedded API keys/credentials) into new instance directories. The created LaunchAgent plist also includes a hardcoded PATH, HOME, TMPDIR and other environment entries referencing a specific user (zhuobao) and a specific Node installation path; this leaks author-specific environment assumptions and may expose or misplace environment-sensitive values. The skill does not request explicit consent or separate credentials for the new instances.
Persistence & Privilege
The scripts register and load macOS LaunchAgents (RunAtLoad + KeepAlive), giving the created instances persistent background presence. That persistence is coherent with the stated goal (run rescue gateways continuously), but it modifies user launch agent state and will auto-start services. This is expected for a service-creation tool but is a significant change to the user's system and should be highlighted to the user before installation.
What to consider before installing
What to consider before installing/running this skill:
- OS compatibility: The scripts are macOS-specific (launchctl, ~/Library/LaunchAgents, sed -i ''). Don't run them on Linux/Windows. The skill metadata does not declare this.
- Inspect the scripts before running: They copy your existing ~/.openclaw/openclaw.json into new instance directories. That config may contain API keys, tokens, or other secrets. The scripts only partially sanitize settings (they attempt to disable wecom and clear plugin config), but they do not comprehensively remove credentials or other sensitive fields.
- Hardcoded environment values: The generated plist embeds a PATH, HOME and other environment variables referencing /Users/zhuobao and a specific Node path (/opt/homebrew/...). Update these entries to match your machine. If left unchanged, the service may fail to start or run with incorrect environment values.
- Persistence and cleanup: The scripts load LaunchAgents with KeepAlive=true, so instances will auto-restart. Deleting instances uses rm -rf on the created directory and removes the plist; verify the delete script before use and back up any data you care about.
- Safe testing: Run the scripts in a controlled environment (test account, VM, or after backing up ~/.openclaw) to confirm behavior. Consider modifying the scripts to (a) prompt before copying configs, (b) sanitize or require fresh credentials for rescue instances, and (c) template PATH/HOME/Node paths from the current environment rather than using hardcoded values.
Given these inconsistencies and the potential for accidental credential duplication and unwanted persistent services, proceed only after reviewing and adapting the scripts to your system and security requirements.
Like a lobster shell, security has layers — review code before you run it.
