OpenClaw 沙盒测试系统
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is broadly aligned with OpenClaw sandbox testing, but it overstates safety while providing scripts that can restart production OpenClaw and leave a background gateway running.
Review the shell scripts before running them. Treat apply-config.sh as a production-impacting script, not a zero-risk sandbox action. Make your own backup, validate after every manual edit, know how to stop the background sandbox Gateway, and be cautious of the hard-coded /Users/wh1ko HOME path on non-author systems.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad manual edit could be applied to production and restart OpenClaw into a broken state despite the skill advertising safe configuration changes.
The script validates before the user is told to manually modify the production config, then restarts the production Gateway without a post-edit validation or automatic rollback check.
validate_config
apply_config
restart_gateway
...
echo -e "${YELLOW}提示:请手动修改配置文件${NC}"
read
...
openclaw gateway restartRe-validate after the final config edit and before restart, add a trap-based rollback path, and make the user explicitly confirm the exact production file being changed.
Users may trust the skill more than warranted and run high-impact configuration scripts without reviewing their effects.
The documentation makes strong zero-risk and SAFE claims, but the provided scripts can change production configuration workflows, restart the Gateway, and start a persistent background service.
**为 OpenClaw 配置变更提供零风险沙盒测试环境** **安全评级**: 🟢 SAFE
Replace absolute safety claims with precise, bounded statements about what is backed up, what is isolated, what still affects production, and what the user must verify.
The sandbox service may remain running, consume resources, or conflict with later tests if the user forgets to stop it.
The sandbox starts a background OpenClaw Gateway that continues after the script exits. This is disclosed and purpose-aligned, but it is persistent local behavior.
nohup openclaw gateway run --bind loopback --port 18800 \ > $SANDBOX_DIR/.openclaw/logs/gateway.log 2>&1 & echo $! > $SANDBOX_DIR/.openclaw/gateway.pid
Provide a clear stop command or cleanup script that uses the recorded PID and documents when the background Gateway remains active.
On other systems, environment cleanup could point OpenClaw or shell commands at the wrong home directory, causing configuration confusion or file writes in an unexpected location.
The cleanup script resets HOME to a hard-coded author path instead of the current user's real home directory, which is not portable and could misdirect later commands if sourced or adapted.
if [ "$HOME" != "/Users/wh1ko" ]; then
export HOME="/Users/wh1ko"
echo -e "${GREEN}✓ HOME 已恢复${NC}"
fiRemove the hard-coded path and restore HOME from a saved original value or avoid changing HOME in cleanup guidance.
Installation may appear dependency-free, but the scripts will fail or behave differently unless those local tools are available.
The script depends on Git and OpenClaw, while the registry metadata declares no required binaries. This is likely a metadata gap rather than hidden behavior.
if ! command -v git &> /dev/null; then ... if ! command -v openclaw &> /dev/null; then
Declare git and openclaw as required binaries or clearly document them as prerequisites in the registry metadata.