OCT 助手
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only OCT guide that openly points users to an external desktop app with broad computer-control features, so the main caution is to verify the download and use those powers carefully.
This skill is mainly a guide and does not include executable code. Before installing the linked OCT desktop app, verify that the GitHub release is trustworthy. After installation, treat requests involving file operations, system settings, Git, or terminal commands as high-impact actions and review them carefully.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user installs and uses OCT, mistakes or overly broad instructions could change local files, settings, apps, Git repositories, or run shell commands.
The guide describes broad local system and terminal capabilities. This is aligned with OCT's stated purpose, but these capabilities can affect files, applications, settings, repositories, and commands on the user's machine.
| 🎮 系统控制 | 文件操作、应用管理、系统设置 | ... | 🔧 开发助手 | 代码生成、Git 操作、终端命令 |
Use OCT for system or terminal actions only when you understand the requested action, and review any file, settings, Git, or shell operation before allowing it.
Installing an external EXE, DMG, or AppImage gives that desktop application local execution capability on the user's computer.
The skill directs users to external desktop installers from a GitHub release. This is user-directed and purpose-aligned, but the artifact does not provide hashes, signatures, or other verification guidance.
**GitHub Release**: https://github.com/zl585451/openclaw-terminal/releases/tag/v0.1.2
Download only from the intended GitHub project, check release authenticity where possible, and avoid installing if the source or binary cannot be trusted.