Safety Report
OpenClaw CLI wrapper — gateway, channels, models, agents, nodes, browser, memory, security, automation.
Security Analysis
Medium confidence
The skill is largely what it claims (a CLI wrapper + local docs) but there are small inconsistencies and meaningful risk vectors — it delegates arbitrary OpenClaw CLI operations (including high-risk actions) and references many sensitive env/config flows without declaring them, so you should review how you'll use it and what credentials you expose before installing.
Name/description match the contents: this is an OpenClaw CLI wrapper plus local reference docs. However the SKILL.md and script require the 'openclaw' CLI to be on PATH while the registry 'requirements' section lists no required binaries — a minor metadata mismatch. Otherwise the files are consistent with the stated purpose (no unrelated clouds/credentials requested).
Runtime instructions and the included scripts simply forward arguments to the user's installed 'openclaw' binary and ship docs. That means the wrapper can run any OpenClaw subcommand (including high-risk operations) — but it enforces a gate via OPENCLAW_WRAPPER_ALLOW_RISKY=1. The SKILL.md is explicit about which commands are 'high-risk'. Still, because the wrapper delegates to an external CLI, installing this skill grants the agent a conduit to invoke many potentially privileged operations if the high-risk gate is enabled.
Instruction-only skill with a small helper script. There is no installer that downloads remote code or writes arbitrary binaries; nothing is fetched from external URLs. This is low-risk from an installation perspective.
The skill does not declare required env vars but the docs and references mention many sensitive variables (OPENCLAW_GATEWAY_TOKEN, OPENCLAW_GATEWAY_PASSWORD, OPENCLAW_LOAD_SHELL_ENV, OPENCLAW_WRAPPER_ALLOW_RISKY, etc.). The wrapper itself checks only OPENCLAW_WRAPPER_ALLOW_RISKY, but the described OpenClaw usage patterns (config hot-load, .env loading, secret refs, gateway tokens) imply the user may provide secrets to the runtime. The skill asks for no unrelated credentials, but the lack of explicit env declarations combined with documented .env and shell-env import deserves caution.
The skill is not 'always' enabled and does not request elevated platform privileges. However it can be invoked autonomously by the agent (disable-model-invocation is false by default). If the environment gate OPENCLAW_WRAPPER_ALLOW_RISKY is set, the skill can execute high-risk CLI commands — so autonomous invocation plus a permissive env increases blast radius. This is not inherently malicious but is an important operational risk to consider.
Guidance
This skill is basically a thin wrapper and a local copy of OpenClaw docs — that is coherent with its name. Before installing: (1) verify you trust the installed 'openclaw' CLI the wrapper will call (the wrapper simply forwards commands); (2) do not set OPENCLAW_WRAPPER_ALLOW_RISKY=1 globally unless you understand and approve the specific high-risk actions (secrets apply, plugin/hook install, device pairing, browser automation, node invoke, dns/webhooks, sandbox recreate, etc.); (3) avoid placing gateway tokens or other secrets in an unprotected .env in a workspace where the skill can load them; prefer interactive or restricted secret providers; (4) confirm the registry metadata matches reality (the script requires 'openclaw' in PATH but the skill metadata did not list required binaries); and (5) if you expect the agent to call this skill autonomously, restrict its invocation or review logs/approvals for high-risk operations. If you want higher assurance, inspect the system 'openclaw' binary source or run wrapper commands manually (without enabling the risky gate) to validate behavior.
Latest Release
v2.0.0
openclaw-anything 2.0.0
- Expanded and streamlined documentation with improved quick references and global flags list.
- Clarified security model, distinguishing low-risk and high-risk commands with specific environmental gates.
- Updated and detailed command routing, clearly separating low-risk and high-risk operations.
- Simplified prerequisites and non-goals for clearer onboarding and maintenance.
Published by @doanbactam on ClawHub