alicloud-platform-openclaw-setup
Audited by Socket on Mar 11, 2026
1 alert found:
Anomaly: The skill describes a cohesive deployment workflow for OpenClaw with multiple channel integrations and DashScope model support. However, it requires handling sensitive credentials (channel tokens, AppKeys, and API keys) and installs plugins from public and GitHub sources, which introduces non-trivial supply-chain and credential risks. The data flow includes credential usage in configuration and API interactions, and there are potential data-exfiltration concerns if credentials leak through logs or misconfigured gateways. Overall, the footprint is moderately risky (suspicious-to-benign boundary) given the sensitive credential handling and third-party plugin installation patterns. Treat as suspicious until sources and plugin integrity are verified, and ensure that secret management and verified registries are in place and that broad data exposure is minimized.