openclaw-install
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation instructs users to download and execute installation scripts directly from 'openclaw.ai' and GitHub by piping them to 'bash', 'sh', or PowerShell's 'iex'. This is a high-risk pattern for executing remote code without verification.
- [EXTERNAL_DOWNLOADS]: The skill references several external download locations for scripts and binaries, primarily 'openclaw.ai' and GitHub repositories. It also neutrally references well-known technology services like Docker and NodeSource for system prerequisites.
- [COMMAND_EXECUTION]: Users are directed to run numerous high-privilege system commands involving 'sudo', 'systemctl', and 'launchctl' to manage services and packages. It also suggests modifying shell configuration files (e.g., '.zshrc') to source remote helper scripts.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transmission or exfiltration was detected; the documentation provides standard templates and guidance for users to manage their own API keys and tokens locally or within secure platform environments.