openclaw-remote-minimax-setup

The skill presents a coherent, end-to-end remote provisioning workflow for OpenClaw with MiniMax and Telegram, matching its stated purpose. However, it introduces notable security concerns around credential handling, remote installer trust, and long-lived remote services. The absence of explicit secret management, installer integrity checks, and explicit data-flow protections elevates risk to a suspicious level rather than benign. Mitigations should include: pinning and verifying installer checksums/signatures, using encrypted storage or a vault for credentials, explicit TLS enforcement and certificate pinning where applicable, minimizing persistence scope, and clear logging redaction. Given the combination of remote execution, credential exposure risk, and persistence mechanisms, classify as SUSPICIOUS with high caution pending concrete mitigations and secure design details.