← 返回 Skills 市场
2045
总下载
0
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-setup
功能描述
Set up a complete OpenClaw personal AI assistant from scratch using Claude Code. Walks through AWS provisioning, OpenClaw installation, Telegram bot creation, API configuration, Google Workspace integration, security hardening, and all power features. Give this to Claude Code and it handles the rest.
安全使用建议
This skill will ask you for highly sensitive credentials (AWS account access, SSH private key, Anthropic/OpenAI/Groq keys, Telegram bot token, Google OAuth client_secret) and instruct an agent to use them to log into and configure your server. The metadata does not declare these secrets — a red flag. Before using it: (1) do NOT send your private .pem or long-lived master credentials to an AI; run SSH commands yourself or paste only the exact commands into your terminal; (2) prefer creating limited-scope, least-privilege API keys or IAM users (or temporary credentials) for setup; (3) restrict SSH access to your IP and use fail2ban/2FA; (4) verify the npm 'openclaw' package and any git repositories manually before installing; (5) consider performing Google OAuth client setup yourself and not handing client_secret.json to the agent; (6) if you are unsure, perform the install manually following the guide or ask a trusted human operator. The mismatch between declared metadata and the instructions is suspicious — proceed cautiously or avoid sharing secrets with the agent.
功能分析
Type: OpenClaw Skill
Name: openclaw-setup
Version: 1.0.0
The skill instructs the AI agent to collect highly sensitive information (AWS account access, Anthropic, Groq, OpenAI API keys, Telegram bot token, Google Cloud credentials) directly from the user. It then directs the agent to SSH into the user's server using a provided `.pem` key and execute numerous `sudo` commands, including fetching and executing scripts from external sources (`curl -fsSL ... | sudo -E bash -` for Node.js, `git clone` and `make build` for `gogcli`). While these actions are plausibly necessary for the stated purpose of setting up a personal AI assistant on AWS, the extensive collection of credentials and the broad, privileged execution capabilities granted to the AI agent on the user's server represent significant security risks, classifying it as suspicious due to high-risk capabilities without clear malicious intent. All these instructions are found in `SKILL.md`.
能力评估
Purpose & Capability
The skill's stated purpose (full OpenClaw install on AWS, Telegram bot, Google Workspace, voice, memory, etc.) reasonably requires AWS, Anthropic, Telegram, and optional Groq/OpenAI/Google credentials. However, the registry metadata declares no required env vars/credentials or config paths despite the instructions repeatedly asking for many secrets — an inconsistency that lowers trust.
Instruction Scope
SKILL.md tells the agent to 'ask the user for required information... then SSH into their server and run everything' and explicitly asks users to 'Send me the bot token' and to provide account/API keys and client_secret JSON. That instructs the agent to collect and handle private credentials and private SSH key material, and to execute arbitrary remote commands — well beyond a passive helper. The instructions give broad discretion to collect and transmit secrets and to run system-level commands.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to execute). The setup commands shown are standard package installs (apt, nodesource, npm install -g, git clone). There are no opaque download URLs or extract/install steps supplied by the skill itself. Installation risk comes from running the recommended shell commands on your server, not from the skill bundling code.
Credentials
The number and sensitivity of secrets requested (AWS account access, private .pem, Anthropic key, Telegram bot token, optional Groq/OpenAI keys, Google OAuth client_secret) are high. While these are functionally needed for the described full-featured setup, the skill metadata lists none of them and the skill explicitly asks users to transmit private keys and tokens to the agent — an unsafe practice. No guidance is given to use least-privilege or ephemeral credentials.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). The skill does not request persistent platform-wide privileges or to modify other skills. However, an autonomously-invokable agent that is instructed to receive many credentials and perform remote actions increases the blast radius: if you allow the agent to receive secrets, it could act on them autonomously.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-setup - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-setup触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: complete OpenClaw setup skill for Claude Code. Walks through AWS provisioning, OpenClaw install, Telegram bot, API config, Google Workspace, security hardening, and workspace personalization.
元数据
常见问题
OpenClaw Setup on AWS (Free Tier) - Memory Upgrade 是什么?
Set up a complete OpenClaw personal AI assistant from scratch using Claude Code. Walks through AWS provisioning, OpenClaw installation, Telegram bot creation, API configuration, Google Workspace integration, security hardening, and all power features. Give this to Claude Code and it handles the rest. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2045 次。
如何安装 OpenClaw Setup on AWS (Free Tier) - Memory Upgrade?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-setup」即可一键安装,无需额外配置。
OpenClaw Setup on AWS (Free Tier) - Memory Upgrade 是免费的吗?
是的,OpenClaw Setup on AWS (Free Tier) - Memory Upgrade 完全免费(开源免费),可自由下载、安装和使用。
OpenClaw Setup on AWS (Free Tier) - Memory Upgrade 支持哪些平台?
OpenClaw Setup on AWS (Free Tier) - Memory Upgrade 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Setup on AWS (Free Tier) - Memory Upgrade?
由 j540(@j540)开发并维护,当前版本 v1.0.0。
推荐 Skills