OpenClaw
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Clones the project source code from an external, untrusted GitHub repository (https://github.com/openclaw/openclaw.git).
- [REMOTE_CODE_EXECUTION]: Instructs the user to execute code built from the external repository using 'node dist/index.js'.
- [COMMAND_EXECUTION]: Executes various shell commands to set up the environment, install dependencies, and build the project, including 'npm install' and 'pnpm build'.
- [COMMAND_EXECUTION]: Recommends running the gateway process in the background using 'nohup', which allows the process to persist after the session ends.
- [EXTERNAL_DOWNLOADS]: Uses 'curl' to interact with the Discord API, a well-known service, for token verification.
Audit Metadata