clawpilot

What this skill does

# OpenClaw Expert Skill

## Auto-Update Check (Run First)

**Before any other action**, run the staleness check:

```bash
bash scripts/check_updates.sh
```

- **If `UP_TO_DATE`**: Proceed normally.
- **If `STALE`**: The skill references may be outdated. Before proceeding with the user's task:
  1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases
  2. Fetch https://docs.openclaw.ai/llms.txt for doc changes
  3. Search web for recent OpenClaw CVEs or security advisories
  4. Compare findings against the version in SKILL.md frontmatter and `references/security.md`
  5. **Inform the user** of any version gaps or new security issues found
  6. If references were updated, run: `bash scripts/mark_updated.sh <latest-version>`
  7. If no updates needed, still mark as checked: `bash scripts/mark_updated.sh <current-version>`

This check uses a `.last_update_check` marker file. The threshold is 7 days (configurable via first argument).

## Security-First Principle

**Every configuration action MUST pass a security review before recommending it.**

For each setting change, evaluate:
1. **Blast radius** — If this setting is exploited, what can an attacker reach?
2. **Credential exposure** — Are secrets stored safely? Permissions correct?
3. **Network surface** — Is the gateway exposed beyond what's necessary?
4. **Prompt injection risk** — Can untrusted message content manipulate the agent?
5. **Supply chain risk** — Are installed skills/plugins from trusted sources?

When recommending configuration, always present the secure baseline first, then explain trade-offs of relaxing it.

### Critical CVEs (Must Check)

- **CVE-2026-25253** (CVSS 8.8): Token exfiltration via Control UI — fixed in 2026.1.29
- **CVE-2026-24763**: Command injection — fixed in 2026.1.29
- **CVE-2026-25157**: Command injection (chainable with 25253) — fixed in 2026.1.29
- **2026.2.12**: Mass security patch (40+ vulnerabilities) — path traversals, SSRF, privilege escalation
- **2026.2.15+**: SHA-256 sandbox hashing, plugin discovery hardening, ACP session DoS fixes
- **2026.2.17+**: SSRF ISATAP protection, iMessage SSH host-key enforcement, control-plane RPC rate limiting
- **2026.2.19**: Browser relay auth hardening (`/extension` + `/cdp` require gateway-token)

**Always verify user's version is >= 2026.2.19 before any other advice.**

## Quick Reference

| Task | Command |
|------|---------|
| Install | `npm install -g openclaw@latest` |
| Onboard | `openclaw onboard --install-daemon` |
| Start gateway | `openclaw gateway --port 18789` |
| Login channel | `openclaw channels login` |
| Health check | `openclaw health` |
| Security audit | `openclaw security audit --deep` |
| Skill safety scan | `openclaw skills scan <path>` |
| Diagnostics | `openclaw doctor` |
| Update | `openclaw update` |
| View logs | `openclaw logs` |
| Status (redacted) | `openclaw status --all` |
| Agent management | `openclaw agents list` |
| iOS/macOS node | `openclaw nodes` |
| Device management | `openclaw devices remove/clear` |
| Cron (staggered) | `openclaw cron add --stagger/--exact` |
| Spawn subagent | `/subagents spawn` |
| Shell completion | `openclaw completion` |

Run `openclaw --help` for full command list.

## Documentation Source

Use the reference files bundled in this skill as the primary source. They cover the core config schema, security hardening (including CVEs, OWASP mapping, NIST alignment), cloud deployment, and multi-agent routing.

Fetch from https://docs.openclaw.ai/ only when:
- The bundled references do not cover a feature the user asks about
- Version-specific behavior requires the latest docs
- A command or config key is absent from the bundled references

Full docs index: https://docs.openclaw.ai/llms.txt

## Core Architecture

```
Chat Apps --> Gateway (single process) --> AI Agent(s)
             |                              |
             +- Session manager             +- Workspace (SOUL.md, AGENTS.md, MEMORY.md)
             +- Channel routing             +- Auth profiles
             +- Tool policies               +- Memory (daily logs + vector search)
             +- Sandbox (Docker)            +- Sessions
             +- Cron scheduler              +- Skills
             +- Safety scanner              +- Subagents
             +- Agent mgmt RPC             +- iOS/macOS nodes
```

- **Gateway**: Single source of truth for sessions, routing, channel connections. Binds to `127.0.0.1:18789` by default.
- **Agents**: Isolated entities with own workspace, state dir, auth profiles, session store. Manageable via RPC (`agents.create`, `agents.update`, `agents.delete`).
- **Channels**: Plugin-based — WhatsApp, Telegram, Discord, Slack, iMessage, Signal, LINE, Matrix, Teams, Google Chat, Mattermost, BlueBubbles, Feishu, Zalo.
- **Config**: `~/.openclaw/openclaw.json` (JSON5 format). `OPENCLAW_HOME` env var overrides home directory for path resolution.
- **Nodes**: iOS alpha + macOS nodes for remote code execution via pairing.
- **iOS**: Watch Companion (inbox UI, notification relay), Share Extension (forward content to gateway), APNs push notifications (v2026.2.19+).

## Secure Baseline

Always start from the secure baseline and relax only with justification. Key defaults: `bind: "loopback"`, `dmPolicy: "pairing"`, `sandbox: { mode: "non-main" }`, `redactSensitive: "tools"`.

### Breaking Changes (v2026.2.10–2026.2.19)

- Gateway HTTP APIs blocked for WebChat clients (`sessions.patch`, `sessions.delete`)
- Browser relay now requires gateway-token auth on both `/extension` and `/cdp` endpoints
- Subagent task messages now prefixed with source context
- Cron stagger defaults applied to recurring top-of-hour schedules

Full baseline template and memory system config: see [Configuration Reference](references/configuration.md) and [Security Hardening](references/security.md).

## Common Workflows

### Initial Setup
1. `npm install -g openclaw@latest`
2. `openclaw onboard --install-daemon`
3. `openclaw channels login` (select channel)
4. `openclaw gateway --port 18789`
5. **Run `openclaw security audit --deep`** — fix any findings
6. **Run `openclaw skills scan`** — verify installed skills are safe
7. Verify: `openclaw health` and open `http://127.0.0.1:18789/`

### Add a Channel
1. `openclaw channels login` -> select channel
2. Configure allowlists in `openclaw.json` (never use `"*"` for production)
3. Set `dmPolicy: "pairing"` or `"allowlist"`
4. For groups: `requireMention: true`
5. **Security review**: Verify allowlist, check tool access for that channel

### Remote Access (Secure)
**Preferred: Tailscale Serve** — keeps loopback bind, no public exposure.
**Alternative: SSH tunnel** — `ssh -N -L 18789:127.0.0.1:18789 user@host`
**Never**: Bind to `0.0.0.0` without auth token + firewall.

### Troubleshooting
1. `openclaw doctor` — config validation
2. `openclaw health` — gateway status
3. `openclaw logs` — recent logs
4. `openclaw status --all` — full state (secrets redacted)
5. `openclaw memory search "topic"` — search agent memory
6. `openclaw sessions list` — view active sessions
7. Check `/tmp/openclaw/openclaw-YYYY-MM-DD.log`

### Discover & Install Skills

When user asks about extending OpenClaw with new skills or asks "what skills are available":

1. Official registry: https://clawhub.com
2. Community curated list (1,715+ skills, 31 categories): https://github.com/VoltAgent/awesome-openclaw-skills
3. Install via CLI: `npx clawhub@latest install <skill-slug>`
4. Manual install: copy skill folder to `~/.openclaw/skills/` (global) or `<project>/skills/` (workspace)

**Security**: Third-party skills execute as trusted code. **Hundreds of malicious skills were discovered on ClawHub in early 2026.** Always:
- Run `openclaw skills scan <skill-path>` before installing (v2026.2.6+)
- Review source code, especially skills using `exec`, `browser`, or `web_fetch` tools
- Pin versions and avoid auto-updating untrusted skills

For skills config schema (load order