openclaw-deploy
Fail
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill fetches shell scripts from openclaw.ai and nodesource.com and pipes them directly into bash to automate the installation of Node.js and the OpenClaw software.
- [COMMAND_EXECUTION]: The skill performs intrusive system modifications on the target server, including moving the original /usr/bin/chromium binary to a backup location and replacing it with a custom wrapper script to manage proxy environments and browser paths.
- [COMMAND_EXECUTION]: The skill uses sed to modify the JavaScript source code of the installed application within the system-wide /usr/lib/node_modules/ directory to adjust hardcoded timeout values and CDP connection parameters.
- [COMMAND_EXECUTION]: The skill configures and enables multiple systemd user services (openclaw-gateway.service, proxy-relay.service, and xvfb.service) to ensure software persistence and background execution across reboots.
- [EXTERNAL_DOWNLOADS]: The skill downloads environment setup scripts and configuration files from the vendor's official domain (openclaw.ai) and a well-known Node.js distribution service (nodesource.com).
- [CREDENTIALS_UNSAFE]: The skill collects sensitive credentials, including AI model API keys and chat bot tokens (Telegram, Discord, Feishu), via user prompts and stores them in a plain-text JSON configuration file on the remote server's file system.
- [COMMAND_EXECUTION]: The skill instructs users to manually extract session tokens (auth_token) from their personal browser for X/Twitter automation, which are then injected into the remote server's Chromium environment via the Chrome DevTools Protocol.
Recommendations
- HIGH: Downloads and executes remote code from: https://openclaw.ai/install.sh, https://deb.nodesource.com/setup_22.x, https://rpm.nodesource.com/setup_22.x - DO NOT USE without thorough review
Audit Metadata