Skills
skills/plastic-labs/openclaw-honcho/honcho-setup/Gen Agent Trust Hub

honcho-setup

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the @honcho-ai/openclaw-honcho plugin and its dependencies from the vendor's official distribution channels.
  • [DATA_EXFILTRATION]: Uploads workspace files, including identity, memory, and agent configuration files, to api.honcho.dev. This behavior is the stated primary purpose of the skill, is clearly disclosed in a dedicated warning, and requires explicit user confirmation via an interactive prompt.
  • [COMMAND_EXECUTION]: Executes shell commands to manage plugins, run the interactive setup utility, and restart the gateway service.
  • [CREDENTIALS_UNSAFE]: Collects the HONCHO_API_KEY through an interactive prompt and persists it in the ~/.openclaw/openclaw.json configuration file for the plugin's operation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 10:28 PM