Skill v1.0.0

ClawScan security

Openclaw Production Deploy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 22, 2026, 4:54 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The package generally looks like a plausible OpenClaw production deployer, but the manifest/metadata and shipped files disagree with the documentation and the scripts perform network installs and system-level changes without clearly declared requirements — review before running, especially as root.
Guidance
This package looks like a real OpenClaw deployer, but there are important inconsistencies and things to check before running it:

- Missing files: SKILL.md and docs reference many scripts (step2-install.js, step3-configure.js, monitoring and backup scripts) that are not included in the published manifest. Do not assume the 'one-click' deployment will work — inspect the repository or contact the author to obtain the missing scripts.
- Required tools: The scripts require Node.js (>=22), npm (>=10), git and the OpenClaw CLI; the registry metadata does not declare these. Ensure you have the correct versions installed.
- Network installs: deploy.js will run npm install -g, npx, and git clone. These perform network downloads and will install code globally. If you accept, prefer to inspect the exact commands and versions, run in a controlled environment (VM/container), and avoid running as root unless necessary.
- Backup and review: Back up any existing ~/.openclaw configuration before running. Inspect deploy.js and any other scripts you will run for unexpected network POSTs, external endpoints, or code that sends data off-host.
- Principle of least privilege: Run initial checks first (step1-environment.js) in a non-privileged session. Only grant admin/root when you understand the service-install steps and trust the source.
- Verify origin: The skill lists no homepage and source is unknown. Prefer installing from an official OpenClaw repository or a publisher you can verify. Ask the publisher for the full source tree, checksums, or a link to the canonical repo before using in production.

If you want, I can: 1) diff the SKILL.md's referenced file list against the manifest and produce a precise 'missing files' list, 2) scan the two included scripts for suspicious patterns (network exfil, obfuscation), or 3) draft safe commands to run in a sandbox to validate behavior.

Review Dimensions

Purpose & Capability
concern
The skill claims to provide a full production deployment for OpenClaw (service registration, autostart, monitoring). That purpose is consistent with the included deploy and environment-check scripts. However, the registry metadata lists no required binaries/configs while the docs and scripts clearly require Node.js (22+), npm, git, and the OpenClaw CLI. Several files referenced throughout SKILL.md (step2-install.js, step3-configure.js, monitoring/..., backup/...) are listed in the docs but are not present in the published file manifest. This mismatch between claimed functionality and shipped files is a meaningful inconsistency.
Instruction Scope
concern
SKILL.md and deploy.js instruct the agent/user to run command-line installers, create system services, write production config files (~/.openclaw/production-config.yaml), generate tokens, and perform network operations (npm install, git clone). The included step1-environment.js performs filesystem writes and network checks. These actions are within scope for a deployer, but the instructions also reference many additional scripts that are missing — so following the provided 'one-click' flow may attempt commands that don't exist. The scripts read and write user home configuration and create system services, which require elevated privileges; nothing in the metadata warns about missing scripts or external network installs beyond normal docs.
Install Mechanism
note
The skill is instruction-only (no install spec in registry), but the deploy script runs network install commands (npm install -g openclaw, registry switch to https://registry.npmmirror.com, npx, git clone from GitHub). Using npm/GitHub is expected for installing OpenClaw, but the deploy script performs global installs and repository clones without integrity checks (no checksums or pinned versions). That is moderate risk but coherent with a deployer; the absence of required-binaries metadata and the missing referenced scripts increase concern.
Credentials
concern
The skill declares no required environment variables or credentials, which matches that it does not exfiltrate secrets. However, it requires elevated privileges for service registration and will create files under the user's home and system service locations. It also generates and writes an auth token into a local config file. The lack of declared requirements (Node/npm/git/OpenClaw CLI) in registry metadata is a proportionality mismatch and should be corrected by the publisher.
Persistence & Privilege
ok
The skill does not request 'always: true', nor does it modify other skills. It instructs creating system services and configuring autostart (expected for a deploy tool), which requires administrative rights on the host. That behavior is within scope for a deployment skill.