← Back to Skills Marketplace
250
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-setup-assistant
Description
Automates OpenClaw VPS setup, applies security hardening, configures multi-agent systems, messaging integrations, and generates deployment documentation.
Usage Guidance
Do not run this skill on a production host without manual review. Specific actions to take before installing/using: 1) Ask the publisher for provenance and a vetted install script or step-by-step commands you can inspect; 2) Require the skill to declare exactly which environment variables and files it will read/write (AI keys, bot tokens, openclaw.json path); 3) Test in an isolated VM or staging instance first; 4) Provide only temporary, least-privilege API tokens (rotate or revoke after testing); 5) Review any commands the agent proposes before executing, especially user creation, firewall and package installation steps; 6) Ensure the gateway/service is actually bound to localhost and sandbox mode is enabled in configuration; 7) Prefer manual setup or a signed/traceable installer if you cannot audit the commands. If the publisher cannot explain the metadata omissions (no declared env vars/binaries) and provide transparent install instructions, consider this skill untrusted.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-setup-assistant
Version: 1.0.0
The bundle contains metadata and instructions for a VPS setup assistant focused on OpenClaw deployment and security hardening. The SKILL.md file outlines legitimate administrative tasks such as configuring UFW firewalls, fail2ban, and non-root users, with no evidence of malicious intent, data exfiltration, or hidden prompt-injection attacks.
Capability Assessment
Purpose & Capability
The SKILL.md claims to perform full VPS setup (installing Node.js/OpenClaw, configuring UFW, SSH, fail2ban, creating users, editing openclaw.json, binding gateways, installing integrations). Those actions normally require root/sudo, specific binaries (node, ufw, fail2ban, systemctl, cron), and credentials for AI providers and messaging platforms. The registry metadata, however, lists no required env vars, binaries, or config paths — an incoherence between claimed purpose and declared requirements.
Instruction Scope
Instructions are high-level but direct the agent to perform system-level changes (user creation, firewall rules, package installs, editing configuration files, binding services, setting up cron jobs) and to configure external integrations using API keys/tokens. The SKILL.md does not include explicit safe-guards, nor does it enumerate precisely which credentials or files will be read/written, giving the agent broad discretion over sensitive operations.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk because nothing will be written by a packaged installer. The risk comes from the actions the instructions ask the agent to perform on the target VPS, not from an installer downloading arbitrary code.
Credentials
SKILL.md explicitly requires 'AI provider API key' and optionally 'messaging platform bot token', and expects SSH root/sudo access. Yet the skill metadata declares no required env vars, primary credential, or config paths. Requesting broad credentials (provider keys, messaging tokens, root SSH access) is proportionate to the described actions — but the absence of declared required secrets in metadata is an inconsistency that prevents automated vetting and increases risk.
Persistence & Privilege
The skill is not 'always: true' (good) and has no install mechanism, but it instructs the agent to make durable system changes (users, firewall, cron jobs, backups). The default allowance for autonomous invocation is enabled; combined with the above inconsistencies, autonomous execution could have a large blast radius. There is no evidence the skill modifies other skills or system-wide agent configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-setup-assistant - After installation, invoke the skill by name or use
/openclaw-setup-assistant - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
OpenClaw Setup Assistant 1.0.0 — Initial Release
- Launches guided, automated production deployment of OpenClaw on VPS
- Adds step-by-step security hardening (firewall, SSH keys, fail2ban, sandbox mode)
- Supports multi-agent setup (coordinator and specialized agents with isolated workspaces)
- Integrates messaging platforms: Telegram, Discord, WhatsApp, Slack
- Automates health checks, backups, and heartbeat monitoring
- Generates setup-specific documentation for reference
Metadata
Frequently Asked Questions
What is OpenClaw Setup Assistant?
Automates OpenClaw VPS setup, applies security hardening, configures multi-agent systems, messaging integrations, and generates deployment documentation. It is an AI Agent Skill for Claude Code / OpenClaw, with 250 downloads so far.
How do I install OpenClaw Setup Assistant?
Run "/install openclaw-setup-assistant" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Setup Assistant free?
Yes, OpenClaw Setup Assistant is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OpenClaw Setup Assistant support?
OpenClaw Setup Assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Setup Assistant?
It is built and maintained by Harvnk (@harvnk); the current version is v1.0.0.
More Skills