Openclaw Manager

Deploy, harden, and operate OpenClaw across local and hosted environments (Fly.io, Render, Railway, Hetzner, GCP) with secure defaults, channel setup guidanc...

This skill appears to be a legitimate deployment and hardening helper for OpenClaw, but check these before you install/use it: - Metadata mismatch: the registry entry claims no required env vars, but SKILL.md and validate_openclaw_env.py require OPENCLAW_GATEWAY_TOKEN (and often an LLM API key). Treat OPENCLAW_GATEWAY_TOKEN and any LLM/provider keys as sensitive. - The scripts read a .env file and will report on key names, duplicate/malformed lines, placeholders, and weak secrets; they do not transmit secret values elsewhere, but you should never write real secrets into the ops ledger or commit .env files to git. - The skill writes files to your working directory (rollout plan and ops ledger). Review the generated files and ensure the ledger contains only metadata (names of profiles/keys), not secret values. - The provided tooling is planning/validation-focused — it does not perform provider deployments itself. When following provider playbooks (clone + deploy), verify any external commands or provider CLIs separately. - Recommended precautions: run the scripts in an isolated environment, inspect the three included scripts before executing, ensure .env contains only appropriate values, and confirm that you will not accidentally paste secrets into ledger fields or commit them to source control. If you want, I can point out the exact lines in the scripts that read/write files and the precise registry-vs-SKILL.md discrepancy to help you decide whether to proceed.

Type: OpenClaw Skill Name: openclaw-manager Version: 0.1.1 The OpenClaw Manager skill bundle is designed for deploying, hardening, and operating OpenClaw, which inherently involves privileged operations like secret writes and network exposure. However, the skill explicitly declares these privileged operations and implements robust security controls. The `SKILL.md` includes 'Hard-Stop Rules' and references a 'Mandatory Security Checklist' (`references/openclaw-security-checklist.md`). The Python scripts (`scripts/plan_openclaw_rollout.py`, `scripts/update_openclaw_ops_ledger.py`, `scripts/validate_openclaw_env.py`) perform planning, logging, and critical environment validation (checking for missing/weak secrets, placeholders, malformed keys) without any evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The prompt instructions in `SKILL.md` are structured and security-conscious, guiding the agent through a secure deployment process rather than attempting prompt injection for malicious purposes. All external links point to legitimate OpenClaw documentation or a legacy reference on GitHub, without instructing the agent to execute untrusted remote code.