OpenClaw 集中配置管理系统
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate OpenClaw configuration-template skill, but it needs review because it recommends unverified external installers and includes credential-permission and privacy-scope issues.
Install only if you are comfortable making OpenClaw-wide configuration changes. Before using it, fix the secret-file permission guidance, inspect any scripts it asks you to run, avoid blind `curl | bash` installs, verify ClawRouter's data handling before funding or routing prompts through it, and keep backups of your OpenClaw config and memory files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
API keys or app secrets stored in OpenClaw config files could become readable by other local users or processes on the machine.
The skill warns that some config files contain secrets, but also documents blanket/world-readable `644` permissions and a loader snippet that resets loaded config files to `644`. The provided templates store Feishu, ClawRouter, and SiliconFlow-style API secrets in JSON config files.
chmod 644 ~/.openclaw/config/*.json ... chmod 600 ~/.openclaw/config/channels/feishu.json # 密钥文件更严格 ... chmod 644 "$file" 2>/dev/null
Do not use the unconditional `chmod 644` behavior for secret-bearing files. Keep files containing tokens or app secrets at `600`, consider environment variables or a secrets manager, and verify permissions after running any setup script.
If the remote script, container image, or upstream source is compromised or changes unexpectedly, installing it could execute arbitrary code on the user's machine.
The recommended ClawRouter install path executes a remote shell script directly and also documents an unpinned Docker `latest` image, without checksums, signatures, version pins, or review steps.
curl -fsSL https://blockrun.ai/ClawRouter-update | bash ... docker run ... blockrun/clawrouter:latest
Inspect the installer before running it, prefer pinned releases or checksummed artifacts, avoid `latest` tags, and run the service with least privilege.
A user may assume prompts and cached content never leave their machine, even though model routing may send request content to external providers.
The template makes a strong privacy claim that data stays local/does not leave, while the same configuration routes requests to third-party model providers. That claim is not sufficiently bounded or explained in the artifacts.
"fallback_chain": ["anthropic/claude-sonnet-4", "zhipu/glm-4", "deepseek/deepseek-chat", "openai/gpt-4o-mini"] ... "ClawRouter 本地运行,数据不出境"
Verify ClawRouter's actual data flow, provider routing, logging, caching, retention, and encryption behavior before sending sensitive prompts through it.
These commands can change global OpenClaw behavior and active agent state if run on a real installation.
The setup flow instructs users to run scripts that generate the main configuration, synchronize memory/persona state, and force-restart the OpenClaw gateway.
~/.openclaw/scripts/generate-main-config.sh ... ~/.openclaw/scripts/update-soul.sh ... openclaw gateway restart --force
Back up `~/.openclaw/openclaw.json` and relevant memory/persona files, inspect any scripts before running them, and avoid force restarts until the generated config has been reviewed.
Private context may be stored long-term in memory files and, if memorySearch is enabled, sent to an external embedding API for indexing/search.
The memory templates enable persistent automatic memory writes and semantic memory search using a remote embedding provider.
AI 自动将关键信息写入 memory/YYYY-MM-DD.md ... "baseUrl": "https://api.siliconflow.cn/v1", "apiKey": "{{SiliconFlow API Key}}"Define which memory paths may be indexed, exclude secrets and highly sensitive notes, document retention/deletion rules, and only enable remote memory search after confirming the provider's privacy terms.