Latest release: v1.0.4Download zip
Capabilities
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The declared purpose is only a sparse KDP bundle label, while the files define a general OpenClaw workspace with identity, memory, browser, communications, social, business, and background-check workflows.
Instruction Scope
The instructions give broad autonomy to read and edit memory, check accounts, reach out, and commit/push changes. Some approval boundaries for public actions are present, but the scope remains much wider than the stated skill purpose.
Install Mechanism
There is no install spec showing automatic setup, which reduces immediate execution risk. However, included helper scripts use hard-coded absolute paths, launch a persistent browser profile if invoked, and one script can send a Discord message.
Credentials
The artifacts reference logged-in dashboards, webmail, social accounts, CRM, Stripe, WhatsApp, Telegram, and Discord despite metadata declaring no credential requirement or clearly bounded account scope.
Persistence & Privilege
The bundle is built around persistent memory, preserved cookies/login state, shared browser sessions, heartbeats, and keepalive behavior, all of which create durable authority beyond a simple authoring skill.
What to consider before installing
Review this carefully before installing. Only use it with a dedicated low-privilege browser profile, remove or disable heartbeat/background behavior unless explicitly wanted, do not connect personal social or messaging accounts until the scope is clear, and audit the included scripts before running or scheduling them.