ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Docs

v1.1.0

OpenClaw 官方文档知识库。当用户询问 OpenClaw 相关问题时自动触发,包括:安装配置、CLI 命令、渠道设置(飞书/钉钉/WhatsApp 等)、定时任务(cron)、技能开发、故障排查。提供命令示例和配置模板。

0· 1.4k·15 current·16 all-time
by@z13777869196
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (OpenClaw docs/help) align with the runtime instructions: provide install/config/CLI examples, channel setup, cron guidance and links to official docs. There are no unrelated requirements (no env vars, binaries, or config paths that don't make sense for documentation).
Instruction Scope
SKILL.md contains only guidance, templates, example commands, trigger keywords and links. It does not instruct the agent to read arbitrary local files, exfiltrate data, or access credentials; it explicitly forbids returning real API keys/secrets and uses placeholders.
Install Mechanism
No install spec and no code files beyond package.json and SKILL.md. The examples include an npm install command for users, but the skill itself does not download or execute code during installation.
Credentials
The skill requests no environment variables, credentials, or config paths. Example config paths shown (~/.openclaw/openclaw.json) are appropriate for a docs/help skill and are presented as user-edit examples, not as instructions to read secrets.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or attempt to modify other skills or system-wide settings.
Assessment
This skill is instruction-only and appears coherent with its documentation purpose. Before installing or following commands: verify the official OpenClaw documentation links/domains (docs.openclaw.ai) are legitimate, avoid pasting real API keys or secrets into chat, and if you plan to run example install commands (e.g., npm install -g openclaw@latest) confirm the npm package source and maintainer (there's no homepage listed in the package.json).

Like a lobster shell, security has layers — review code before you run it.

latestvk97a8at7yz62ktvbgbkr9av0gs824c0w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments