Latest release: v10.9.0
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The advertised purpose is an autonomous “Executive Personal OS” with memory, orchestration, automation, daemon/heartbeat behavior, self-extension, and governance. That is coherent with the package contents, but the requested authority is extremely broad and includes high-impact runtime behaviors.
Instruction Scope
SKILL.md describes automatic operation, auto-repair, daemon management, Git hooks, memory, and self-extension at a high level, but does not clearly define user controls, data boundaries, persistence controls, rollback/uninstall guidance, or approval requirements for all high-impact paths.
Install Mechanism
The registry says there is no install spec and no declared credentials or required environment variables, yet the artifacts include daemon/service/cron-related files and code that reads LLM API credentials. This mismatch makes the operational impact harder for users to understand before enabling it.
Credentials
The skill’s environment reach appears broad: bundled code covers automation, scheduling, workers, alert/webhook channels, LLM calls, local caches under ~/.openclaw, dynamic execution, and autonomous runtime modules. Some of this fits the stated OS-like purpose, but it is not tightly scoped.
Persistence & Privilege
SKILL.md explicitly advertises Git hooks, a daemon manager, and heartbeat executor, and the manifest includes daemon/cron/service artifacts. Persistent background behavior is high-impact and is not clearly bounded or reversible in the user-facing instructions.
Scan Findings in Context
[suspicious.dynamic_code_execution] expected: The event-trigger subsystem may need to evaluate configured conditions, but using Python eval for this is unsafe in an autonomous automation framework and should be replaced with a constrained expression parser.
[suspicious.dynamic_code_execution] expected: Dynamic module loading in a cold-start test can be legitimate, but it should be limited to reviewed local modules and not user-controlled paths.
[suspicious.exposed_secret_literal] unexpected: A packaged hardcoded API key/secret is not expected, especially because the registry declares no credential requirement.
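The two "expected" findings above both come down to the same fix: keep the feature, remove the interpreter-level authority. The block below is an added example, not OpenClaw's code; the shapes of the `event_trigger.py` and `cold_start_test_v2.py` call sites are assumed for illustration (the actual functions are not on this page). It shows an `eval`-based condition check next to a constrained evaluator that walks the AST and accepts only names from a host-supplied context, literals, comparisons, boolean logic and simple arithmetic, plus an exact-match allowlisted loader in place of loading whatever module name a caller hands over.

```python
"""Added example: constrained condition evaluation and allowlisted module loading.

Not OpenClaw's code. The unsafe_condition() shape below is an assumption about
what an eval-based trigger check looks like; the hardened safe_condition() and
load_reviewed_module() are the replacements a reviewer would ask for.
"""
import ast
import importlib
import operator


class UnsafeExpression(ValueError):
    """Raised for any syntax or name the constrained grammar does not allow."""


# --- The pattern the scan flags (assumed shape, deliberately unsafe) ---------
def unsafe_condition(expr: str, ctx: dict) -> bool:
    # eval() with an empty globals dict still gets builtins, so a config value
    # such as "__import__('os').system('id')" is a perfectly valid "condition".
    return bool(eval(expr, {}, ctx))  # noqa: S307


# --- Hardened replacement: explicit grammar over the AST -------------------
_BIN = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
        ast.Div: operator.truediv, ast.Mod: operator.mod}
_CMP = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge,
        ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b}
_MAX_EXPR_LEN = 512  # bounds parser work on hostile input (assumed limit)


def safe_condition(expr: str, ctx: dict) -> bool:
    """Evaluate a trigger condition over ctx without calls, attributes or imports."""
    if len(expr) > _MAX_EXPR_LEN:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression(f"not parseable: {exc.msg}") from None
    return bool(_eval(tree.body, ctx))


def _eval(node: ast.AST, ctx: dict):
    if isinstance(node, ast.Constant):
        if node.value is None or isinstance(node.value, (bool, int, float, str)):
            return node.value
        raise UnsafeExpression("unsupported constant type")
    if isinstance(node, ast.Name):
        # Only host-provided context names resolve; no builtins, no globals.
        if node.id in ctx:
            return ctx[node.id]
        raise UnsafeExpression(f"unknown name {node.id!r}")
    if isinstance(node, (ast.Tuple, ast.List)):
        return tuple(_eval(e, ctx) for e in node.elts)
    if isinstance(node, ast.BoolOp):
        vals = [_eval(v, ctx) for v in node.values]
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _eval(node.operand, ctx)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_eval(node.operand, ctx)
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN:
        return _BIN[type(node.op)](_eval(node.left, ctx), _eval(node.right, ctx))
    if isinstance(node, ast.Compare):
        left = _eval(node.left, ctx)
        for op, comparator in zip(node.ops, node.comparators):
            if type(op) not in _CMP:
                raise UnsafeExpression(f"operator {type(op).__name__} not allowed")
            right = _eval(comparator, ctx)
            if not _CMP[type(op)](left, right):
                return False
            left = right
        return True
    # Call, Attribute, Subscript, Lambda, comprehensions, f-strings: all rejected.
    raise UnsafeExpression(f"{type(node).__name__} not allowed")


# --- Allowlisted loader for the cold-start module finding -------------------
# Stand-ins for reviewed local modules (assumption: the real list would name
# the skill's own vetted modules, not stdlib ones).
_REVIEWED_MODULES = frozenset({"json", "base64"})


def load_reviewed_module(name: str):
    """Import by exact allowlist match; never from a caller-supplied path or dotted name."""
    if name not in _REVIEWED_MODULES:
        raise UnsafeExpression(f"module {name!r} is not on the reviewed allowlist")
    return importlib.import_module(name)


if __name__ == "__main__":
    ctx = {"cpu": 91, "name": "worker"}
    print(safe_condition("cpu > 80 and name == 'worker'", ctx))
    try:
        safe_condition("__import__('os').system('id')", ctx)
    except UnsafeExpression as exc:
        print("rejected:", exc)
```

The evaluator deliberately has no escape hatch: anything it does not recognise raises rather than falling back to `eval`, and context names are looked up only in the dict the host passes in, so a trigger condition can compare metrics but cannot reach `os`, `open`, attribute chains or dunder names. The same shape applies to the loader: an exact-match set, not a prefix or a path under `sys.path`, is what keeps "dynamic module loading" from becoming "load any module the config names".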
What to consider before installing
Install only if you are comfortable reviewing and controlling a broad autonomous OS-like agent. Before enabling it, verify that no hardcoded secrets remain, disable or inspect daemon/cron/Git-hook/heartbeat behavior, avoid enabling event-trigger eval-based automation, and configure LLM/memory features with clear limits on what data may be sent or cached.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
infrastructure/automation/event_trigger.py:210
Dynamic code execution detected.
infrastructure/cold_start_test_v2.py:111
Dynamic code execution detected.
infrastructure/ecosystem/partner_manager.py:186
File appears to expose a hardcoded API secret or token.
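The checklist under "What to consider before installing" is easier to act on as a script than as a sentence. The block below is an added example, not the registry's or OpenClaw's scanner: it walks an unpacked skill directory and reports the three things this page flags, namely dynamic code execution (found through the AST, so a mention of `eval` in a comment does not count), persistence artifacts (file paths suggesting daemon, cron, service, heartbeat or Git-hook behavior) and candidate secret literals. The filename heuristics and secret regexes are assumptions chosen for illustration, and the sample tree it builds is constructed to mirror the paths in the findings above, with invented contents.

```python
"""Added example: a pre-install audit of an unpacked skill directory.

Not the registry's or OpenClaw's scanner. Filename heuristics and the secret
patterns below are assumptions; tune them for the skill you are reviewing.
"""
import ast
import re
import tempfile
from pathlib import Path

DYNAMIC_CALLS = {"eval", "exec", "__import__", "compile"}
DYNAMIC_ATTRS = {("importlib", "import_module"), ("importlib", "__import__")}
PERSIST_RE = re.compile(
    r"daemon|cron|heartbeat|systemd|\.service\b|launchd|\.plist\b|hooks/|pre-commit|post-commit",
    re.IGNORECASE,
)
# Assumed patterns: key=value style assignments plus two common token shapes.
SECRET_RE = re.compile(
    r"""(?ix)
    (?:api[_-]?key|secret|token|password|passwd)\s*[:=]\s*["'][^"']{8,}["']
    | \bsk-[A-Za-z0-9]{20,}\b
    | \bAKIA[0-9A-Z]{16}\b
    """
)


def find_dynamic_exec(source: str, path: str) -> list:
    """Return (path, line, callee) for eval/exec/import-style calls found via the AST."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return []  # unparseable file: report nothing here, but it still deserves eyes
    found = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Name) and f.id in DYNAMIC_CALLS:
            found.append((path, node.lineno, f.id))
        elif (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
              and (f.value.id, f.attr) in DYNAMIC_ATTRS):
            found.append((path, node.lineno, f"{f.value.id}.{f.attr}"))
    return found


def find_secret_literals(text: str, path: str) -> list:
    """Return (path, line) for lines matching SECRET_RE; the value itself is not echoed."""
    return [(path, n) for n, line in enumerate(text.splitlines(), 1) if SECRET_RE.search(line)]


def audit_skill(root: str) -> dict:
    """Walk root and collect dynamic execution, persistence artifacts and secret candidates."""
    report = {"dynamic_exec": [], "persistence": [], "secrets": []}
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if PERSIST_RE.search(rel):
            report["persistence"].append(rel)
        try:
            text = p.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable: skip text checks
        report["secrets"] += find_secret_literals(text, rel)
        if p.suffix == ".py":
            report["dynamic_exec"] += find_dynamic_exec(text, rel)
    return report


def build_sample_skill(root: str) -> None:
    """Constructed sample tree echoing the paths in the findings; contents are invented."""
    files = {
        "infrastructure/automation/event_trigger.py":
            "def fire(cond, ctx):\n    return eval(cond, {}, ctx)\n",
        "infrastructure/cold_start_test_v2.py":
            "import importlib\nmod = importlib.import_module(name)\n",
        "infrastructure/ecosystem/partner_manager.py":
            "API_KEY = 'sk-constructedsamplekey000000000000'\n",
        "infrastructure/daemon/heartbeat.service":
            "[Service]\nExecStart=/usr/bin/openclaw-heartbeat\n",
        "hooks/pre-commit": "#!/bin/sh\n",
        "SKILL.md": "# sample skill\n",
    }
    for rel, content in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")


def run_demo() -> dict:
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_skill(tmp)
        return audit_skill(tmp)


if __name__ == "__main__":
    for section, items in run_demo().items():
        print(section)
        for item in items:
            print("  ", item)
```

Point `audit_skill()` at the unpacked release zip before enabling anything. A non-empty `secrets` list is a stop condition regardless of what the registry declares; `dynamic_exec` hits are the places to read line by line; `persistence` hits are the files to neutralise or understand (what installs them, what removes them) before the skill ever runs on a schedule.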