install-openclaw-to-hetzner

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive infrastructure management using the hcloud CLI and SSH. It automates the creation and deletion of firewalls, provisioning of virtual machines, and execution of system-level bootstrap scripts. This level of autonomous control over a cloud billing account requires significant trust.
  • [CREDENTIALS_UNSAFE]: The installation wizard requires the user to input several high-value secrets: a Hetzner Cloud API token (hv2-…), a Telegram Bot token, and LLM API keys (Anthropic or OpenRouter). These tokens are handled in plaintext within the agent's context and passed to the remote server during the deployment process.
  • [EXTERNAL_DOWNLOADS]: The skill fetches and executes content from several external sources. It downloads the hcloud CLI from GitHub, configures Node.js via the NodeSource repository, and installs the openclaw package from the npm registry. It also clones the ceo-ai-os repository to seed the bot's workspace. These sources are well-known technology providers.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically generates a cloud-init.yaml bootstrap script by interpolating user-provided secrets into a template. This script is executed with root privileges on the newly created Hetzner VM. Additionally, the skill uses SSH to execute remote configuration and verification commands on the target instance.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 04:55 AM
Security Audit — agent-trust-hub — install-openclaw-to-hetzner