openclaw-complete-deployment-guide

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The deployment guide requires users to execute a shell script directly from the internet using curl -fsSL https://clawd.bot/install.sh | bash. This piped execution from an unverified domain is a high-risk pattern for arbitrary code execution.
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install Node.js using a script from the nvm-sh GitHub repository. Although the script comes from a well-known service, running it still involves remote code execution. Additionally, the skill encourages installing OpenClaw plugins from unverified third-party GitHub repositories such as soimy/openclaw-channel-dingtalk.git.
  • [COMMAND_EXECUTION]: Users are instructed to download, grant execution permissions (chmod +x), and run a binary file (connector-linux) from a remote URL. Executing unverified binaries on a server poses a significant security risk.
  • [COMMAND_EXECUTION]: The provided systemd configuration example explicitly sets User=root for the openclaw service. Running non-system software with root privileges significantly escalates the impact of any potential compromise of the OpenClaw gateway.
  • [PROMPT_INJECTION]: The skill configuration facilitates indirect prompt injection by design through its integration with messaging platforms like DingTalk, Feishu, and Discord.
      • Ingestion points: User messages received via WebSocket/Webhook from multiple external IM platforms (SKILL.md).
      • Boundary markers: There are no instructions or boundary markers mentioned to prevent the model from obeying instructions embedded in user messages.
      • Capability inventory: The skill body acknowledges that the software has "high file system and command execution permissions" and allows spawning agents like codex or qoder for code development.
      • Sanitization: No sanitization or validation logic is described for the incoming message data before it is processed by the AI agents.
Recommendations
  • HIGH: Downloads and executes remote code from: https://clawd.bot/install.sh, https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 6, 2026, 02:32 PM