honcho-setup

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the @honcho-ai/openclaw-honcho plugin through the OpenClaw plugin manager and suggests a manual npm install for internal dependency resolution within the plugin directory.
  • [DATA_EXFILTRATION]: Reads and transmits various workspace files including USER.md, MEMORY.md, IDENTITY.md, SOUL.md, AGENTS.md, BOOTSTRAP.md, TOOLS.md, and the entire memory/ and canvas/ directories to the external endpoint api.honcho.dev (or a user-defined HONCHO_BASE_URL).
  • [COMMAND_EXECUTION]: Executes shell commands via the openclaw CLI to install plugins, perform setup, and restart the gateway service.
  • [CREDENTIALS_UNSAFE]: Collects a HONCHO_API_KEY through an interactive terminal prompt and saves it in plain text within the configuration file at ~/.openclaw/openclaw.json.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 4, 2026, 03:25 AM