← Back to Skills Marketplace
jhjhghg
by
qinjianfenghzau-wq
· GitHub ↗
· v1.0.9
· MIT-0
105
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install anhfabh1-test
Description
Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...
README (SKILL.md)
ClawSentry
Use Cases
- Use this skill when you need to install and prepare the
ai-assistant-security-openclawplugins for the OpenClaw environment on the current machine. - Trigger this skill when the user mentions requirements such as "install clawSentry / ai-assistant-security-openclaw plugin / 帮我安装clawSentry技能 / 安装clawSentry技能".
Steps
1. Verify Node.js is installed:
Ensure Node.js (version 14 or higher) is installed on the system. You can check with:
node --version
2. Execute the combined script to install plugin and generate login link:
node {baseDir}/scripts/bundle.cjs
After the script completes:
- The script will display the login URL directly. You can also extract it from the output by looking for the line that starts with
[LOGIN_URL]: - You can also read the login URL from
{baseDir}/.state/login_state.jsonfile (look for theloginUrlfield). If the file doesn't exist, try reading it again after a few seconds. If you can't find the files, try looking in.openclaw/skills/ClawSentry/scripts/directory. - Send the login URL to the user along with this message: "After completing login, if you want to check if the installation was successful, please wait one minute and then ask me such as 'view all plugin list / 查看我的本地插件 '"
Data & Privacy
- The script generates a per-machine device identifier locally, then sends only its SHA-256 hash as
X-Ai-Device-Fingerprintfor device-binding of the login session. - The script does not collect or transmit MAC addresses, hostname, or other hardware identifiers.
- The script persists login state under
{baseDir}/.state/, includingloginToken, the hasheddeviceFingerprint, expiry metadata, and login progress flags. - The polling log written to
{baseDir}/.state/poll_login.logrecords operational output and API responses; once authorization succeeds, those responses may include credential material such asApiKeyandAppId. - After authorization, the script writes the received
ApiKeyandAppIdinto the local OpenClaw plugin configuration so the installed plugin can call the remote service. - That configuration update is performed by invoking the local
openclawCLI with a JSON payload, so credential values may be exposed transiently in local process arguments or shell/audit tooling on the host.
Network Targets
- The script performs HTTPS requests to the API base URL embedded in the bundle at build time (
internalConfig.baseURL) to create a login token and check login status. - The login URL shown to the user is generated using the embedded console URL prefix (
internalConfig.baseLogUrl).
Local Files
{baseDir}/.state/login_state.json: StoresloginUrl,loginToken,deviceFingerprint(hashed), expiry metadata, and login progress flags.{baseDir}/.state/poll_login.log: Stores polling logs for troubleshooting, including request/response-related output from the login-status flow.{baseDir}/.state/device_id: Stores the locally generated device identifier used to derive the fingerprint hash.
Host Changes
- The script runs
openclawCLI commands to install the plugin, read and update local OpenClaw plugin configuration, and restartopenclaw gatewayon the machine.
Usage Guidance
This skill appears to be an installer for an OpenClaw security plugin and will run the included Node script which: reads network interfaces and hostname (then hashes them), contacts hard-coded external endpoints (https://openclaw-innersit.sdk.access-test.clawsentry.cn and console.clawsentry.cn), writes .state/login_state.json and poll_login.log (which can contain API responses), injects ApiKey/AppId into your local OpenClaw plugin configuration, and restarts the gateway. Two things to consider before installing: (1) SKILL.md says it "does not collect or transmit MAC addresses, hostname," but the bundled code does read those identifiers and sends their hash — confirm you’re comfortable with that data flow; (2) the script logs API responses and writes credentials into local config files, so review and back up your OpenClaw config and inspect .state/poll_login.log after a run. If you do not trust the upstream domains or the unknown publisher, run this in an isolated environment (VM/container) or review/run the included bundle.cjs line-by-line yourself. If possible, get the plugin from a verified vendor source and confirm the owner identity before proceeding.
Capability Analysis
Type: OpenClaw Skill
Name: anhfabh1-test
Version: 1.0.9
The ClawSentry skill bundle is a legitimate installer for a security plugin (@omni-shield/ai-assistant-security-openclaw) associated with ByteDance's Volcengine. The `bundle.cjs` script automates the installation via the `openclaw` CLI, generates a local device fingerprint (SHA-256 hash of hardware identifiers), and polls a remote API (clawsentry.cn) to retrieve and configure authentication credentials (ApiKey/AppId). While the script performs sensitive operations such as modifying local configurations and executing system commands, these actions are consistent with the stated purpose and are documented in `SKILL.md`. No evidence of malicious intent, data exfiltration, or unauthorized persistence was found.
Capability Tags
Capability Assessment
Purpose & Capability
The declared purpose (install/configure OpenClaw security plugins) aligns with the script's actions (running a Node installer, invoking the openclaw CLI, installing a plugin, updating plugin config and restarting the gateway). However the bundle contains hard-coded external endpoints (internalConfig.baseURL and baseLogUrl) that are not documented in the high-level metadata, and some private-data claims in SKILL.md conflict with what the code actually reads/transmits.
Instruction Scope
SKILL.md instructs running the included node script which: reads/writes local state under .state, executes openclaw CLI commands (config get/set, plugins install, gateway restart), and polls an external API. SKILL.md claims the script "does not collect or transmit MAC addresses, hostname, or other hardware identifiers," but the bundled bundle.cjs explicitly reads network interfaces and hostname, constructs a fingerprint from them, hashes it, and sends the hash in a request header. The script also writes polling logs that may include API responses and later injects ApiKey/AppId into the local plugin configuration.
Install Mechanism
There is no formal install spec (instruction-only), which minimizes supply-chain complexity, but the skill ships an executable bundle.cjs that will be run directly. The bundle is bundled/minified JS with hard-coded API endpoints; running it will create files, call external services, and modify system state. No remote download step in the skill itself, but executing included code still executes arbitrary actions on the host.
Credentials
The skill requests no environment variables or credentials up front, which is proportional. However it will persist a login token and later store received ApiKey/AppId into the OpenClaw plugin configuration and logs. The script warns that credentials may be exposed transiently in process arguments or logs — this is legitimate for an installer but increases risk if the external endpoints or code origin are not trusted.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal). It does request persistent changes to the host: creating .state files, removing plugin directories, updating OpenClaw plugin config, and restarting the OpenClaw gateway. Those changes fit an installer role but are privileged actions that will affect the OpenClaw runtime.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install anhfabh1-test - After installation, invoke the skill by name or use
/anhfabh1-test - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.9
- Initial release of ClawSentry for OpenClaw environments.
- Installs and configures ai-assistant-security-openclaw plugins in one streamlined process.
- Verifies Node.js installation, then runs a bundled setup script to handle plugin installation and authentication.
- Provides instructions for retrieving and sharing the login URL with users.
- Clearly documents data handling, privacy practices, local file usage, and network operations.
- Automatically updates OpenClaw plugin configuration and restarts the gateway as part of setup.
Metadata
Frequently Asked Questions
What is jhjhghg?
Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want... It is an AI Agent Skill for Claude Code / OpenClaw, with 105 downloads so far.
How do I install jhjhghg?
Run "/install anhfabh1-test" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is jhjhghg free?
Yes, jhjhghg is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does jhjhghg support?
jhjhghg is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created jhjhghg?
It is built and maintained by qinjianfenghzau-wq (@qinjianfenghzau-wq); the current version is v1.0.9.
More Skills