← 返回 Skills 市场
421
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ohmyopenclaw
功能描述
AI-native configuration and setup guides for OpenClaw
安全使用建议
Before installing or allowing this skill to run automatically:
- Do not run the provided 'curl | bash' or PowerShell 'iex' installer without auditing the remote script; prefer a vetted release (GitHub release tarball, signed binary, or manual inspection). The domain used by the installer (get.ohmyopenclaw.dev) is not a known trusted host.
- Review the repository and installer script contents (or ask the author for a release tarball) so you know exactly what will be written and executed on your machine.
- Expect the guides to request many API keys and to modify local config files under ~/.openclaw; only provide credentials you trust and store them securely (do not paste secrets into chat).
- Be cautious about enabling cron jobs/heartbeats and webhooks: they cause periodic scanning and external callbacks. Inspect any webhook endpoints and restrict network access (use firewall rules, vetted endpoints).
- The monitoring guide instructs scanning /var/log/myapp and GitHub issues; if you enable those, ensure the agent has only the minimum required file access and that sensitive logs are not exposed.
- If you want to proceed, consider: (1) manually applying guide steps instead of granting autonomous execution; (2) running the installer in an isolated environment or container; (3) backing up existing openclaw.json and workspace files so you can revert changes; (4) limiting the skill's access to credentials and network at the OS or container level.
Reason for rating: the skill is generally coherent with its stated purpose but includes high-risk installer commands, undocumented secret requirements, and instructions that allow system-level scanning and network callbacks — together these are suspicious and warrant manual review before trusting automatic installation or autonomous operation.
功能分析
Type: OpenClaw Skill
Name: ohmyopenclaw
Version: 1.0.0
The skill bundle is classified as suspicious due to its extensive use of high-risk capabilities, including direct shell command execution, modification of the agent's core configuration (`openclaw.json`), creation of executable scripts (`check-costs.sh` in `guides/cost-optimization.md`), and instructions to create/modify sensitive files like `~/.openclaw/.env` (in `guides/chinese-providers.md`). Furthermore, `guides/monitor.md` configures autonomous scheduled tasks (cron jobs) for the AI, enabling it to perform actions without direct user prompting. While these actions are presented as legitimate configuration steps for an AI agent, they represent significant vulnerabilities if the skill bundle were malicious or if the agent were susceptible to prompt injection, as they grant broad control over the system and the agent's behavior. There is no clear evidence of intentional malicious behavior (e.g., data exfiltration, backdoors) within the provided files, but the inherent power and potential for misuse make it suspicious.
能力评估
Purpose & Capability
The name and description claim configuration/setup guides for OpenClaw and the included markdown files do provide such guides (agent-swarm, memory, monitoring, provider configuration, cost). That capability justifies most of the changes the guides suggest (editing openclaw.json, creating workspace files, enabling heartbeats/cron jobs). However, some suggested actions (scanning /var/log, checking GitHub issues, configuring external webhooks) expand the skill's reach beyond purely local config guidance; these actions are plausible for a monitoring/automation guide but should have been declared explicitly in metadata (no required env/config paths were declared).
Instruction Scope
The SKILL.md instructs the AI to execute configuration changes, create cron jobs, scan system logs (/var/log/myapp), scan code and GitHub issues, spawn agents, and update local state under ~/.openclaw. Those are powerful operations that can touch system logs and external endpoints. The guide also tells users to run remote installer commands (curl | bash and PowerShell iEx). The instructions do not declare or surface exactly what network callbacks/webhooks will be used; some examples include external endpoints (hooks.slack.com, api.example.com) which could be used for notifications or, if misconfigured, exfiltration.
Install Mechanism
There is no formal install spec in the registry, but the SKILL.md provides explicit install commands that pipe remote content into a shell: 'curl -fsSL https://get.ohmyopenclaw.dev | bash' and PowerShell 'irm https://get.ohmyopenclaw.dev/install.ps1 | iex'. The domain get.ohmyopenclaw.dev is not a well-known release host; installing arbitrary scripts from an unknown host is high risk because it executes remote code without review.
Credentials
Registry metadata lists no required environment variables, yet the Chinese providers guide and other docs instruct users to create ~/.openclaw/.env with many API keys (QWEN_API_KEY, ZHIPU_API_KEY, ERNIE_API_KEY/SECRET, DEEPSEEK_API_KEY, optional ANTHROPIC_API_KEY, etc.). The skill thus expects sensitive credentials to be provided and stored, but the metadata does not declare these requirements. That mismatch is an incoherence and increases risk: the agent may request secrets at runtime that were not signaled at install time. The guides also suggest adding webhook URLs and potentially storing those in config files.
Persistence & Privilege
The skill is not marked 'always: true' and model invocation is allowed (the default). It asks the AI to create cron jobs, heartbeat actions, and persistent files under ~/.openclaw (tasks, memory, monitoring). Those are reasonable for a configuration/monitoring skill, but they give the skill ongoing presence (periodic scans and automatic agent spawning) if the agent applies the guides. Because autonomous invocation is allowed by default, that combination amplifies risk if the skill or its installer is malicious — this is worth consideration but is not flagged as a metadata privilege misconfiguration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ohmyopenclaw - 安装完成后,直接呼叫该 Skill 的名称或使用
/ohmyopenclaw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: AI-native configuration guides for OpenClaw
元数据
常见问题
ohmyopenclaw 是什么?
AI-native configuration and setup guides for OpenClaw. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 421 次。
如何安装 ohmyopenclaw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ohmyopenclaw」即可一键安装,无需额外配置。
ohmyopenclaw 是免费的吗?
是的,ohmyopenclaw 完全免费(开源免费),可自由下载、安装和使用。
ohmyopenclaw 支持哪些平台?
ohmyopenclaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ohmyopenclaw?
由 Z.Y. Ma(@maxzyma)开发并维护,当前版本 v1.0.0。
推荐 Skills