Claw Config

The 'claw-config' skill provides high-risk capabilities allowing an AI agent to self-diagnose and modify its own configuration file (~/.openclaw/openclaw.json) and execute shell commands via the 'openclaw' CLI. While the script (claw-config.py) implements several commendable safety features—such as a cross-agent write guard, automatic configuration backups with rollback on failure, and a cron-context safety gate—it contains a notable vulnerability in the 'docs' subcommand. This command allows the agent to fetch content from arbitrary URLs (SSRF/Remote Prompt Injection), which could be exploited to feed malicious instructions to the agent from an external source. Because these risky capabilities and vulnerabilities are plausibly aligned with the tool's stated purpose but lack evidence of intentional malice, the bundle is classified as suspicious.