← 返回 Skills 市场
OpenClaw Quickstart Setup
作者
sepulchralvoid666
· GitHub ↗
· v1.0.0
· MIT-0
74
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-quickstart-setup
功能描述
Complete OpenClaw setup automation skill. Installs gateway, hardens security (localhost binding, auth), routes to cost-effective models (DeepSeek/Kimi for si...
安全使用建议
This guide appears to do what it says (quickstart/install/configure), but it also gives the agent recurring autonomous duties (cron/heartbeat) and tells you to install other skills from registries that may be unvetted. Before following it: 1) Inspect the openclaw npm package and the upstream source (GitHub repo, maintainers, recent releases) and pin a known-good version instead of blindly `npm i -g`. 2) Vet any third‑party skills (wacli, maton, etc.) before installing; avoid paste-installing commands from untrusted sources. 3) Only provide channel tokens (Telegram/Discord/WhatsApp/email) to config files you control; do not paste them into public chat. 4) Narrow the cron/heartbeat actions — make them non-executing tests first, or run them in a sandbox/VM/container. 5) Keep the gateway bound to localhost and prefer a secure tunnel (Tailscale) for remote access. 6) Backup configuration and review memory/heartbeat files for sensitive content. If you want higher assurance, request the upstream package sources, checksums, and a maintainers list before installing.
功能分析
Type: OpenClaw Skill
Name: openclaw-quickstart-setup
Version: 1.0.0
The skill bundle is a comprehensive setup and configuration guide for the OpenClaw platform. It provides instructions for the agent to automate security hardening (binding to localhost, enabling authentication), cost-effective model routing, and channel integration (Telegram, Discord). It includes defensive recommendations, such as enabling skill allow-lists, and warns against potential ecosystem threats. While it references fictional or future-dated security vulnerabilities (e.g., CVE-2026-25253 in SKILL.md), the instructions are consistently aligned with its stated purpose of providing a secure and optimized production setup without any evidence of malicious intent or data exfiltration.
能力评估
Purpose & Capability
The name/description (quickstart setup, gateway hardening, channel connectors, routing models, starter workflows) match the SKILL.md instructions. The steps (npm install openclaw, configure gateway, add channels, install skills) are coherent with the stated purpose.
Instruction Scope
The runtime instructions go beyond one‑off configuration: they create recurring cron jobs and a 'heartbeat' that instructs the system to 'Execute priority tasks' and to read HEARTBEAT.md — this is vague and grants the agent recurring autonomous behavior. They also instruct installing additional skills (wacli, maton) which will further expand capabilities and risk. The guide does not constrain what the cron/heartbeat may execute.
Install Mechanism
There is no install spec in the registry entry (instruction‑only). The SKILL.md tells the user to run `npm i -g openclaw` and to install other skills via `openclaw skills install`. Installing packages from npm/ClawHub is normal for this task, but it pulls code from third‑party registries and unvetted skill repositories — a moderate risk that the user should review the upstream packages and pin versions.
Credentials
The registry declares no required env vars, but the instructions require/expect service tokens (Telegram/Discord bot tokens, WhatsApp pairing, email access via Maton) and external network setup (Tailscale). Requesting those credentials is proportionate to connecting channels, but the skill does not declare them formally — users may accidentally supply broad credentials or paste tokens without vetting. Also the SKILL.md suggests reading/writing MEMORY.md and HEARTBEAT.md, which could include sensitive data.
Persistence & Privilege
always:false is fine, but the skill explicitly instructs creating cron jobs and a heartbeat that will run periodically and trigger system events. That grants ongoing autonomous execution capability and increases blast radius if a malicious or buggy skill is installed. The guide also instructs installing additional skills which may persist or expand privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-quickstart-setup - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-quickstart-setup触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
OpenClaw Quickstart Setup 是什么?
Complete OpenClaw setup automation skill. Installs gateway, hardens security (localhost binding, auth), routes to cost-effective models (DeepSeek/Kimi for si... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 74 次。
如何安装 OpenClaw Quickstart Setup?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-quickstart-setup」即可一键安装,无需额外配置。
OpenClaw Quickstart Setup 是免费的吗?
是的,OpenClaw Quickstart Setup 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw Quickstart Setup 支持哪些平台?
OpenClaw Quickstart Setup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Quickstart Setup?
由 sepulchralvoid666(@sepulchralvoid666)开发并维护,当前版本 v1.0.0。
推荐 Skills