install-openclaw-to-hetzner
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive infrastructure management using the `hcloud` CLI and SSH. It automates the creation and deletion of firewalls, provisioning of virtual machines, and execution of system-level bootstrap scripts. This level of autonomous control over a cloud billing account requires significant trust.
- [CREDENTIALS_UNSAFE]: The installation wizard requires the user to input several high-value secrets: a Hetzner Cloud API token (`hv2-…`), a Telegram Bot token, and LLM API keys (Anthropic or OpenRouter). These tokens are handled in plaintext within the agent's context and passed to the remote server during the deployment process.
- [EXTERNAL_DOWNLOADS]: The skill fetches and executes content from several external sources. It downloads the `hcloud` CLI from GitHub, configures Node.js via the NodeSource repository, and installs the `openclaw` package from the npm registry. It also clones the `ceo-ai-os` repository to seed the bot's workspace. These sources are well-known technology providers.
- [REMOTE_CODE_EXECUTION]: The skill dynamically generates a `cloud-init.yaml` bootstrap script by interpolating user-provided secrets into a template. This script is executed with root privileges on the newly created Hetzner VM. Additionally, the skill uses SSH to execute remote configuration and verification commands on the target instance.
Audit Metadata