AI Agent Runtime
ReviewAudited by ClawScan on May 10, 2026.
Overview
Review before installing: this skill points users to an external FastClaw runtime installed by remote scripts, then asks for LLM API keys and stores agent memory locally.
Install only if you trust the FastClaw GitHub source and have reviewed the remote installer. Prefer verified, pinned releases; use limited-scope LLM API keys; keep the web UI on localhost; and review or delete ~/.fastclaw data when you no longer need the runtime.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A remote installer or downloaded binary could run with the user's permissions, and on Windows the docs recommend administrator PowerShell.
The recommended install methods execute remote scripts from an external GitHub repository, while the reviewed package has no OpenClaw install spec or shown checksum/signature verification.
irm https://raw.githubusercontent.com/fastclaw-ai/fastclaw/main/install.ps1 | iex ... curl -fsSL https://raw.githubusercontent.com/fastclaw-ai/fastclaw/main/install.sh | bash
Inspect the remote installer and release before running it, prefer pinned releases with published checksums/signatures, and avoid administrator/sudo use unless required.
Anyone or anything that can access the local runtime data may be able to use the configured LLM provider account or incur usage costs.
The runtime asks users to enter LLM provider credentials and stores API keys locally; this is expected for multi-provider LLM support but is sensitive authority.
API Key:填入你的 OpenRouter API Key ... .fastclaw/ ... apikeys.json # API 密钥
Use restricted provider keys where possible, monitor usage, and remove keys from ~/.fastclaw if uninstalling or sharing the machine.
Personal preferences, project context, or incorrect/maliciously influenced notes can persist and affect future agent behavior.
The agent template explicitly uses long-term memory and encourages proactive updates after conversations.
FastClaw 使用 `MEMORY.md` 存储长期记忆。每次对话结束后,如果学到了新东西,主动更新 `MEMORY.md`.
Review MEMORY.md periodically, avoid storing secrets there, and consider requiring explicit approval before memory updates.