← Back to Skills Marketplace
Openclaw Manager
by
Prompt Circle
· GitHub ↗
· v0.1.1
399
Downloads
0
Stars
2
Active Installs
2
Versions
Install in OpenClaw
/install openclaw-manager
Description
Deploy, harden, and operate OpenClaw across local and hosted environments (Fly.io, Render, Railway, Hetzner, GCP) with secure defaults, channel setup guidanc...
Usage Guidance
This skill appears to be a legitimate deployment and hardening helper for OpenClaw, but check these before you install/use it:
- Metadata mismatch: the registry entry claims no required env vars, but SKILL.md and validate_openclaw_env.py require OPENCLAW_GATEWAY_TOKEN (and often an LLM API key). Treat OPENCLAW_GATEWAY_TOKEN and any LLM/provider keys as sensitive.
- The scripts read a .env file and will report on key names, duplicate/malformed lines, placeholders, and weak secrets; they do not transmit secret values elsewhere, but you should never write real secrets into the ops ledger or commit .env files to git.
- The skill writes files to your working directory (rollout plan and ops ledger). Review the generated files and ensure the ledger contains only metadata (names of profiles/keys), not secret values.
- The provided tooling is planning/validation-focused — it does not perform provider deployments itself. When following provider playbooks (clone + deploy), verify any external commands or provider CLIs separately.
- Recommended precautions: run the scripts in an isolated environment, inspect the three included scripts before executing, ensure .env contains only appropriate values, and confirm that you will not accidentally paste secrets into ledger fields or commit them to source control.
If you want, I can point out the exact lines in the scripts that read/write files and the precise registry-vs-SKILL.md discrepancy to help you decide whether to proceed.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-manager
Version: 0.1.1
The OpenClaw Manager skill bundle is designed for deploying, hardening, and operating OpenClaw, which inherently involves privileged operations like secret writes and network exposure. However, the skill explicitly declares these privileged operations and implements robust security controls. The `SKILL.md` includes 'Hard-Stop Rules' and references a 'Mandatory Security Checklist' (`references/openclaw-security-checklist.md`). The Python scripts (`scripts/plan_openclaw_rollout.py`, `scripts/update_openclaw_ops_ledger.py`, `scripts/validate_openclaw_env.py`) perform planning, logging, and critical environment validation (checking for missing/weak secrets, placeholders, malformed keys) without any evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The prompt instructions in `SKILL.md` are structured and security-conscious, guiding the agent through a secure deployment process rather than attempting prompt injection for malicious purposes. All external links point to legitimate OpenClaw documentation or a legacy reference on GitHub, without instructing the agent to execute untrusted remote code.
Capability Assessment
Purpose & Capability
The name/description (deploy, harden, operate OpenClaw) aligns with the included artifacts: a rollout planner, an env validator, and a ledger appender. The scripts and reference docs cover provider-specific checks, channel/integration smoke tests, and hard security gates that fit the stated purpose.
Instruction Scope
SKILL.md instructs the agent/operator to run the included scripts, validate a .env file, update an ops ledger, and follow provider playbooks. Those instructions stay within deployment/hardening scope. They do instruct reading a local .env (expected). The skill advises cloning the OpenClaw repo and performing provider deploys, but the provided scripts do not perform network deploys themselves — they are planning/validation helpers, not deployment automation.
Install Mechanism
There is no install spec or external download. All code is included in the skill (3 scripts + docs). No remote installers, no URL downloads, and no extract/execute of remote archives were found — this minimizes supply-chain install risk from the skill bundle itself.
Credentials
The runtime docs and scripts clearly require a gateway token (OPENCLAW_GATEWAY_TOKEN) and, depending on profile, expect LLM provider keys (OPENAI_API_KEY or ANTHROPIC_API_KEY) and recommended provider tokens (e.g., FLY_API_TOKEN). However, the registry metadata at the top-level lists 'Required env vars: none' which is inconsistent with the SKILL.md/runtime_metadata and the validate script. The scripts only read .env files from disk (they do not transmit secret values), and the ops-ledger schema explicitly says not to record secret values — but the ledger appender will record metadata (profile and key names), so operators must ensure they do not pass secret values as ledger fields or commit .env into git.
Persistence & Privilege
The skill is not always-enabled. It writes files to the working directory (rollout plan output and the ops ledger) and will create the ledger file if missing. This is expected for an ops/ledger helper. It does not modify other skills or system-wide agent config, nor does it request elevated persistent privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-manager - After installation, invoke the skill by name or use
/openclaw-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
openclaw-manager v0.1.1
- Added required environment variable (`OPENCLAW_GATEWAY_TOKEN`) to runtime metadata.
- Changed default ops ledger path to `./openclaw-manager-operations-ledger.md` (was an absolute path).
- Updated sample commands and docs to use relative paths for better portability and clarity.
- No changes to core workflows or automation script references.
v0.1.0
Initial release of openclaw-manager.
- Deploy and operate OpenClaw across local and major hosted providers (Fly.io, Render, Railway, Hetzner, GCP) with secure, production-ready defaults.
- Includes guided install, migration, hardening, channel/integration onboarding, and troubleshooting based on official OpenClaw docs.
- Enforces hard security gates and requires operational ledger entries before critical workflow steps.
- Built-in support for Telegram, Discord, Slack channels; email and calendar integrations.
- Strong workflow automation: environment validation, rollout planning, ops ledger updates, and structured handover for incidents.
Metadata
Frequently Asked Questions
What is Openclaw Manager?
Deploy, harden, and operate OpenClaw across local and hosted environments (Fly.io, Render, Railway, Hetzner, GCP) with secure defaults, channel setup guidanc... It is an AI Agent Skill for Claude Code / OpenClaw, with 399 downloads so far.
How do I install Openclaw Manager?
Run "/install openclaw-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Manager free?
Yes, Openclaw Manager is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openclaw Manager support?
Openclaw Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Openclaw Manager?
It is built and maintained by Prompt Circle (@hollaugo); the current version is v0.1.1.
More Skills