openclaw
Audited by Socket on Mar 3, 2026
1 alert found:
Security: This skill is documentation for installing and running a legitimate self-hosted assistant. It requests and manages sensitive credentials (channel tokens, model-provider tokens) and installs a persistent system daemon; both are necessary for its functionality but increase the attack surface. There is no clear evidence of malicious intent in the content provided. The primary risks are supply chain (unverified installs and updates), concentration of credentials under ~/.openclaw/, a possibly insecure local gateway, and misconfiguration that sends data to remote hosts. Recommended: verify package sources and signatures, run with least privilege, secure the local gateway (authentication, socket permissions, firewall), rotate credentials and keep them in secure stores where possible, and audit the installed daemon and its update channels before granting it system-service privileges.
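The audit's point about credentials concentrated under ~/.openclaw/ and gateway socket permissions can be checked mechanically before the daemon is enabled. The following POSIX shell script is an added example for this page, not code from openclaw or from Socket; the directory layout and file names it builds (credentials.json, gateway.token, channels/) are assumptions constructed in a temporary directory, since the real layout under ~/.openclaw/ is not described here.

```shell
#!/bin/sh
# Added example (not openclaw's own code): flag anything under a credential
# directory that group or other can read, write or traverse, then tighten it.
# The real ~/.openclaw/ layout is unknown here; the demo builds an assumed one.

# Print every file or directory under $1 with any group/other permission bit set.
list_exposed() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -g+r -o -perm -g+w -o -perm -g+x \
           -o -perm -o+r -o -perm -o+w -o -perm -o+x \) -print
}

# Echo the number of exposed entries under $1 (0 means nothing is exposed).
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# Return 0 when $1 is fully owner-private, 1 otherwise; report goes to stdout.
audit_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    n=$(count_exposed "$dir")
    if [ "$n" -eq 0 ]; then
        echo "ok: $dir is owner-private"
        return 0
    fi
    echo "exposed entries under $dir:"
    list_exposed "$dir" | sed 's/^/  /'
    return 1
}

# Remove all group/other permissions recursively: the fix for what audit_dir flags.
harden_dir() {
    chmod -R go-rwx "$1"
}

# Build a constructed credential tree with two deliberate mistakes and echo its path.
make_demo_dir() {
    d=$(mktemp -d)                   # mktemp -d creates the top directory mode 0700
    mkdir "$d/channels"
    : > "$d/credentials.json"        # assumed name for model-provider tokens
    : > "$d/gateway.token"           # assumed name for the local gateway secret
    : > "$d/channels/discord.token"  # assumed name for a channel token
    chmod 644 "$d/credentials.json"  # mistake: world-readable token file
    chmod 600 "$d/gateway.token"
    chmod 755 "$d/channels"          # mistake: group/other can list the directory
    chmod 600 "$d/channels/discord.token"
    echo "$d"
}

# Run the audit on the constructed tree, harden it, and audit again.
demo() {
    d=$(make_demo_dir)
    audit_dir "$d" || echo "audit failed as expected before hardening"
    harden_dir "$d"
    audit_dir "$d"
    rm -rf "$d"
}

demo
```

Run it against the real directory with `audit_dir ~/.openclaw` once the daemon is installed; a non-zero exit means at least one token file or directory is readable by other local accounts, which is exactly the credential-concentration risk the alert describes. The check deliberately covers directories as well as files, because a traversable directory leaks file names even when the files themselves are mode 600.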