openclaw-server-secure-skill

Comprehensive security hardening and installation guide for OpenClaw (formerly Clawdbot/Moltbot). Use this skill when the user wants to secure a server, install the OpenClaw agent, or configure Tailscale/Firewall for the agent.

This guide appears to do what it says, but it instructs you to run high‑privilege commands and to pipe a remote install script into sh and to run a global npm install. Before following it: (1) ensure you have console or out-of-band access so you cannot be locked out; (2) fetch and inspect any remote installer (do not blindly run curl | sh); prefer distro packages or verify checksums/signatures; (3) verify the npm package name and source (openclaw) and consider installing into a controlled environment first; (4) backup configuration and test firewall/SSH rules incrementally (add SSH allow rule before enabling default-deny); (5) run these steps on a non-production instance first or follow an established change-control process. If you want, I can rewrite the instructions to include verification steps, safe rollback commands, and least-risk installation alternatives (e.g., installing Tailscale from your distro repo or downloading and verifying release artifacts).

Type: OpenClaw Skill Name: openclaw-server-secure-skill Version: 1.0.0 The skill is designed for server hardening and OpenClaw installation, with most commands being benign security configurations. However, it uses a high-risk `curl -fsSL https://tailscale.com/install.sh | sh` command in `SKILL.md` to install Tailscale. While Tailscale is a legitimate service and the action aligns with the stated purpose, executing remote scripts directly via `curl | sh` is a significant security risk due to the potential for arbitrary code execution if the remote source were compromised or the URL tampered with, classifying it as suspicious rather than benign.