← Back to Skills Marketplace
OpenClaw Quickstart Setup
by
sepulchralvoid666
· GitHub ↗
· v1.0.0
· MIT-0
74
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-quickstart-setup
Description
Complete OpenClaw setup automation skill. Installs gateway, hardens security (localhost binding, auth), routes to cost-effective models (DeepSeek/Kimi for si...
Usage Guidance
This guide appears to do what it says (quickstart/install/configure), but it also gives the agent recurring autonomous duties (cron/heartbeat) and tells you to install other skills from registries that may be unvetted. Before following it: 1) Inspect the openclaw npm package and the upstream source (GitHub repo, maintainers, recent releases) and pin a known-good version instead of blindly `npm i -g`. 2) Vet any third‑party skills (wacli, maton, etc.) before installing; avoid paste-installing commands from untrusted sources. 3) Only provide channel tokens (Telegram/Discord/WhatsApp/email) to config files you control; do not paste them into public chat. 4) Narrow the cron/heartbeat actions — make them non-executing tests first, or run them in a sandbox/VM/container. 5) Keep the gateway bound to localhost and prefer a secure tunnel (Tailscale) for remote access. 6) Backup configuration and review memory/heartbeat files for sensitive content. If you want higher assurance, request the upstream package sources, checksums, and a maintainers list before installing.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-quickstart-setup
Version: 1.0.0
The skill bundle is a comprehensive setup and configuration guide for the OpenClaw platform. It provides instructions for the agent to automate security hardening (binding to localhost, enabling authentication), cost-effective model routing, and channel integration (Telegram, Discord). It includes defensive recommendations, such as enabling skill allow-lists, and warns against potential ecosystem threats. While it references fictional or future-dated security vulnerabilities (e.g., CVE-2026-25253 in SKILL.md), the instructions are consistently aligned with its stated purpose of providing a secure and optimized production setup without any evidence of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
The name/description (quickstart setup, gateway hardening, channel connectors, routing models, starter workflows) match the SKILL.md instructions. The steps (npm install openclaw, configure gateway, add channels, install skills) are coherent with the stated purpose.
Instruction Scope
The runtime instructions go beyond one‑off configuration: they create recurring cron jobs and a 'heartbeat' that instructs the system to 'Execute priority tasks' and to read HEARTBEAT.md — this is vague and grants the agent recurring autonomous behavior. They also instruct installing additional skills (wacli, maton) which will further expand capabilities and risk. The guide does not constrain what the cron/heartbeat may execute.
Install Mechanism
There is no install spec in the registry entry (instruction‑only). The SKILL.md tells the user to run `npm i -g openclaw` and to install other skills via `openclaw skills install`. Installing packages from npm/ClawHub is normal for this task, but it pulls code from third‑party registries and unvetted skill repositories — a moderate risk that the user should review the upstream packages and pin versions.
Credentials
The registry declares no required env vars, but the instructions require/expect service tokens (Telegram/Discord bot tokens, WhatsApp pairing, email access via Maton) and external network setup (Tailscale). Requesting those credentials is proportionate to connecting channels, but the skill does not declare them formally — users may accidentally supply broad credentials or paste tokens without vetting. Also the SKILL.md suggests reading/writing MEMORY.md and HEARTBEAT.md, which could include sensitive data.
Persistence & Privilege
always:false is fine, but the skill explicitly instructs creating cron jobs and a heartbeat that will run periodically and trigger system events. That grants ongoing autonomous execution capability and increases blast radius if a malicious or buggy skill is installed. The guide also instructs installing additional skills which may persist or expand privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-quickstart-setup - After installation, invoke the skill by name or use
/openclaw-quickstart-setup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is OpenClaw Quickstart Setup?
Complete OpenClaw setup automation skill. Installs gateway, hardens security (localhost binding, auth), routes to cost-effective models (DeepSeek/Kimi for si... It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.
How do I install OpenClaw Quickstart Setup?
Run "/install openclaw-quickstart-setup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Quickstart Setup free?
Yes, OpenClaw Quickstart Setup is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OpenClaw Quickstart Setup support?
OpenClaw Quickstart Setup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Quickstart Setup?
It is built and maintained by sepulchralvoid666 (@sepulchralvoid666); the current version is v1.0.0.
More Skills