← Back to Skills Marketplace
400
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install new-player-package-800
Description
OpenClaw deployment optimization guide based on 800 RMB (100 USD) of real-world experience. Helps new users quickly complete skill installation, configuratio...
Usage Guidance
This is a readable deployment guide, but it omits important metadata and suggests installing third‑party packages without specifying sources. Before running the recommended commands: 1) Verify you have Node.js/npm installed (the guide uses npm but doesn't declare it). 2) Confirm what 'uv' refers to (npm package vs. system binary) and inspect that package before installing. 3) Inspect the 'clawhub', 'session-monitor', and 'task-persistence' packages/repos (GitHub/npm pages) to ensure they are official/trusted and review their code or release provenance. 4) Do not paste gateway tokens or other secrets into commands without understanding where they will be stored/transmitted; prefer editing configuration files locally and backup openclaw.json first. 5) If the author, homepage, or package sources are provided (or you can point the install commands to official repositories), re-run this assessment — that information would raise confidence and could change the verdict to benign. If you cannot verify the packages' origins, avoid running the one‑click script and install components manually from trusted sources.
Capability Analysis
Type: OpenClaw Skill
Name: new-player-package-800
Version: 1.0.0
The skill bundle is classified as suspicious due to its instruction to install skills with extremely broad system and filesystem access, specifically 'openclaw-anything' (for 'System management operations') and 'clawdbot-filesystem' (for 'Advanced filesystem operations'). While the provided SKILL.md does not instruct the agent to perform malicious actions with these capabilities, their installation significantly expands the agent's attack surface, making it vulnerable to future prompt injections or potential misuse if the installed skills themselves are compromised. The `npm install -g` command also grants global execution capabilities to `clawhub` and `uv`.
Capability Assessment
Purpose & Capability
The skill is an instruction-only deployment/optimization guide and most recommended actions (installing skills, editing openclaw.json, creating ~/.openclaw directories, enabling plugins) are consistent with that purpose. However, the declared required binaries (python3, uv, git) are incomplete or ambiguous: the guide's one‑click script calls 'npm install -g', but 'npm' (and thus Node.js) is not listed; 'uv' is ambiguous (could be an npm package, a binary, or a different tool). Requiring 'uv' without explanation is disproportionate.
Instruction Scope
SKILL.md instructs the agent/user to install third‑party CLI packages via npm, clone and install skills, edit and export gateway tokens and other OpenClaw config, and create files under ~/.openclaw. It also references environment variables (OPENCLAW_GATEWAY_TOKEN, OPENCLAW_WORKSPACE) that are not declared in the skill metadata. The instructions give broad discretion to install/enable many skills (including ones with persistence/monitoring), which could lead to installing untrusted code if sources are not verified.
Install Mechanism
There is no formal install spec in the skill bundle; instead the README suggests running 'npm install -g clawhub uv' and 'clawhub install ...'. That implies installing packages from registries and fetching unknown skills. Because the skill does not declare where those packages/skills come from (official repos, GitHub, or third‑party), this is moderate-to-high risk—especially the ambiguous 'uv' package and unknown 'clawhub' package which could execute arbitrary code.
Credentials
Declared requirements list no environment variables, but SKILL.md explicitly instructs setting OPENCLAW_GATEWAY_TOKEN and mentions OPENCLAW_WORKSPACE. The guide also tells users to edit gateway.auth.token and gateway.remote.token in openclaw.json. Asking users to set gateway tokens and modifying configuration is expected for deployment, but the metadata should declare these env vars; the omission is an incoherence that makes it unclear what credentials will be used or required at runtime.
Persistence & Privilege
The skill does not request always:true and does not claim elevated system privileges. It instructs installing skills like 'session-monitor' and 'task-persistence' that themselves may run persistently or monitor sessions; this increases blast radius if those skills are untrusted. Autonomous invocation is allowed by default (disable-model-invocation:false), which is normal, but you should be cautious installing third‑party persistent skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install new-player-package-800 - After installation, invoke the skill by name or use
/new-player-package-800 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: OpenClaw deployment optimization guide based on 800 RMB real-world experience
Metadata
Frequently Asked Questions
What is New Player Package 800?
OpenClaw deployment optimization guide based on 800 RMB (100 USD) of real-world experience. Helps new users quickly complete skill installation, configuratio... It is an AI Agent Skill for Claude Code / OpenClaw, with 400 downloads so far.
How do I install New Player Package 800?
Run "/install new-player-package-800" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is New Player Package 800 free?
Yes, New Player Package 800 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does New Player Package 800 support?
New Player Package 800 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created New Player Package 800?
It is built and maintained by DaYu (@yangdaowan); the current version is v1.0.0.
More Skills