aliyun-openclaw-setup

Fail

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires administrative access to a target Linux host via SSH to perform environment setup and software installation.
  • [COMMAND_EXECUTION]: The workflow establishes persistence by creating and managing systemd services (systemctl) to ensure the OpenClaw gateway runs automatically.
  • [REMOTE_CODE_EXECUTION]: The skill fetches and executes a shell script from NodeSource (deb.nodesource.com) to install Node.js. This targets a well-known and widely used software distribution service.
  • [REMOTE_CODE_EXECUTION]: The 'Channel Discovery' workflow instructs the agent to visit docs.openclaw.ai, extract installation commands from the documentation, and execute them directly on the host. This dynamic execution of remote web content is an attack surface if the source documentation is tampered with.
  • [EXTERNAL_DOWNLOADS]: The skill installs several software packages and plugins from public registries (NPM) and external version control systems (GitHub), including @dingtalk-real-ai/dingtalk-connector and @openclaw/feishu.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection through its automated documentation discovery process.
      • Ingestion points: Web content from docs.openclaw.ai/channels/index and its subpages.
      • Boundary markers: No specific boundary markers or instructions are provided to the agent to distinguish between documentation and potentially malicious commands.
      • Capability inventory: The agent has shell access, root privileges via SSH, and package management capabilities (npm, openclaw plugins).
      • Sanitization: There is no evidence of sanitization or verification of the commands extracted from the documentation before they are executed on the host system.
Recommendations
  • HIGH: Downloads and executes remote code from: https://deb.nodesource.com/setup_20.x - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 2, 2026, 06:49 AM