openclaw-config-helper

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent and user to hardcode real API keys in plain text within configuration files (e.g., '必须硬编码真实 key', "a real key must be hardcoded"). It provides a specific example using an API key string format ('sk-f873092ea177b75b...'), promoting insecure secret storage practices.
  • [DATA_EXFILTRATION]: The skill and its associated script scripts/check_config.sh access the sensitive configuration file ~/.openclaw/openclaw.json. This file is a high-value target because it contains messaging account secrets, API credentials, and user identifiers for platforms such as Telegram and WhatsApp.
  • [COMMAND_EXECUTION]: The skill performs several direct system command executions, including gateway actions to patch, apply, or retrieve system configurations, as well as the openclaw status command. It also invokes an external script located at ~/clawd/skills/tavily/scripts/tavily.sh.
  • [EXTERNAL_DOWNLOADS]: The skill uses the web_fetch capability to retrieve documentation and configuration references from the domain docs.openclaw.ai.
  • [PROMPT_INJECTION]: The skill processes data from external web sources and local configuration files without sufficient sanitization or boundary markers, creating a surface for indirect prompt injection.
  • Ingestion points: Documentation retrieved via web_fetch from docs.openclaw.ai and current configuration values read from ~/.openclaw/openclaw.json.
  • Boundary markers: None identified in the provided templates to delimit untrusted data.
  • Capability inventory: Significant capabilities to modify system-wide configuration via gateway action=config.patch and gateway action=config.apply.
  • Sanitization: No validation or escaping of external content before it is interpolated into agent reasoning or configuration commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 9, 2026, 10:15 PM