
      Safety Report

      E.x.O. Installer

      @emberDesire

      Install, update, and monitor E.x.O. tools like jasper-recall and hopeIDS, manage OpenClaw plugins, and perform health checks with a single command.

677 Downloads
0 Installs
0 Stars
1 Version

Categories: Monitoring & Logging (1,579), Legal & Compliance (738), Healthcare (460)

      Security Analysis

Verdict: Suspicious (0.08 risk, medium confidence)

      The skill's purpose (install/manage E.x.O. tools) is plausible, but the runtime instructions and shipped code request capabilities (installing global npm packages, running npx setup commands, cloning internal GitHub repos, writing state and possibly cron/config changes) that are not well-declared or scoped, so you should be cautious before installing or running it.

Feb 11, 2026 · 6 files · 5 concerns

Purpose & Capability (concern)

The SKILL.md and cli.js broadly match the stated purpose (install/update/health-check of E.x.O. packages). However, the skill executes global npm installs, npx commands, and may clone private GitHub repos — yet the metadata declares no required binaries or environment variables (e.g., git, npm, or a GitHub token). That mismatch (declaring nothing as required while the code needs npm/git and potentially credentials) is disproportionate and inconsistent.

Instruction Scope (concern)

      Runtime instructions and the shipped cli.js instruct the agent to run arbitrary shell commands (npm install -g, npx <tool> setup, doctor commands), check/modify files under ~/.openclaw, and suggest cloning internal repos requiring GitHub access. Those actions can execute arbitrary third-party code (via npm/npx) and touch user files; the SKILL.md does not document authentication or safety boundaries (how internal repo access is obtained, or what auto-registration modifies). This expands scope beyond a simple 'installer' without clear safeguards.

Install Mechanism (note)

      There is no external install spec (skill is instruction-only) and the included code uses standard sources: npm registry and GitHub. No unusual remote download URLs or archive extraction were observed. Installing or running this CLI will invoke npm and npx which pull and execute code from package registries — normal for an installer but a real risk if you don't trust the packages being installed.

Credentials (concern)

The package expects access to private/internal GitHub repos and can send alerts (the README mentions Telegram), but the requires.env field is empty and no primary credential is declared. The packages.json includes internal packages with localPath entries under ~/projects, which implies access to user files. Requiring GitHub access and potential notification tokens without declaring them is an inconsistency and increases risk.

Persistence & Privilege (note)

      The CLI writes state to ~/.openclaw/exo-state.json and references the OpenClaw config path (~/.openclaw/openclaw.json); README and SKILL.md mention cron setup and auto-registration. The skill is not 'always:true' and does not appear to escalate privileges beyond user-level file writes, but it will persist state and may create cron jobs or modify OpenClaw config if run — consider this persistent footprint when evaluating trust.

      Guidance

What to consider before installing/running this skill:

- Trust the source: the CLI will run global npm installs and npx commands (these pull and execute third-party code). Only proceed if you trust the E.x.O. packages and the GitHub org listed.
- Missing declared requirements: the skill requires npm, npx, git and may need GitHub credentials and Telegram tokens for alerts, but these are not declared. Expect to provide them or have them configured in your environment.
- Local file access & persistence: it reads/writes ~/.openclaw/* and checks ~/projects paths; it can create state files and may modify OpenClaw config or set cron jobs. If you want to limit impact, run it in an isolated environment or container first.
- Private repo cloning: internal packages reference private repos/local paths. If you run the 'internal clone' command the skill will attempt to access your GitHub account or local project directories. Verify what it will clone and where.
- Inspect the code: the shipped cli.js is readable; review the remainder of the truncated code paths (cron, telegram integration, internal clone) before use. Confirm how 'auto-register with OpenClaw' is implemented and whether it modifies other skills' configs.

If unsure: run the tool in a disposable VM/container, or ask the maintainer to clarify the required credentials (GitHub token, Telegram token), the exact changes performed on ~/.openclaw, and to supply signed provenance (official GitHub repo) before granting it access to your primary environment.

      Latest Release

      v0.4.1

      Add SKILL.md and openclaw.plugin.json for ClawHub

More by @emberDesire

- Jasper Recall (4 stars)
- Jasper ConfigGuard (0 stars)
- Openclaw Plugin (0 stars)
- Context Compactor (0 stars)


      Published by @emberDesire on ClawHub
