hollaugo/openclaw-manager
skills/openclaw-manager/SKILL.md
Deploy, harden, and operate OpenClaw across local and hosted environments (Fly.io, Render, Railway, Hetzner, GCP) with secure defaults, channel setup guidance, integration onboarding, and troubleshooting workflows grounded in official OpenClaw documentation. Use when users need install/deploy help, migration support, runtime hardening, memory/agent operations tuning, or incident response.
testing
Updated Apr 28, 2026
$ install --global
skillsauthnpx skillsauth add hollaugo/prompt-circle-skills openclaw-managerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 3:28 PM210.4s11 files scanned
SKILL.md
- name:
- openclaw-manager
- description:
- Deploy, harden, and operate OpenClaw across local and hosted environments (Fly.io, Render, Railway, Hetzner, GCP) with secure defaults, channel setup guidance, integration onboarding, and troubleshooting workflows grounded in official OpenClaw documentation. Use when users need install/deploy help, migration support, runtime hardening, memory/agent operations tuning, or incident response.
OpenClaw Manager
Overview
Build and operate OpenClaw with production-safe defaults across both local and hosted environments. This skill is optimized for operators with limited platform expertise and enforces hard security gates before rollout completion.
Primary references:
- Docs map:
references/openclaw-doc-map.md - Security gates checklist:
references/openclaw-security-checklist.md - Mode matrix:
references/openclaw-mode-matrix.md - OS matrix:
references/openclaw-os-matrix.md - Integrations playbook:
references/openclaw-integrations-playbook.md - Ops ledger schema:
references/openclaw-ops-ledger-schema.md
Automation helpers:
scripts/plan_openclaw_rollout.pyscripts/validate_openclaw_env.pyscripts/update_openclaw_ops_ledger.py
Default ops ledger path:
./openclaw-manager-operations-ledger.md(or operator specified)
Hard-Stop Rules (Never Bypass)
Stop and block deployment/install progression if any condition is true:
- Required secrets profile fails validation.
- Security checklist mandatory gates are not all passing.
- Rollback path is not documented and owned.
- Ops ledger was not updated for the current phase.
- Public exposure requested without auth boundary and token controls.
Workflow
1) Intake and Scope Lock
Collect and confirm:
mode:localorhostedprovider:local,fly,render,railway,hetzner,gcpos:macos,linux,windows-wsl2channels: subset oftelegram,discord,slackintegrations: subset ofemail,calendarenvironment:dev,staging,prodexposure:privateorpublic
Before proceeding, write a scope_lock ledger entry:
python3 scripts/update_openclaw_ops_ledger.py \
--ledger-file ./openclaw-manager-operations-ledger.md \
--event scope_lock \
--operator codex \
--mode hosted \
--provider fly \
--os linux \
--environment prod \
--secrets-profile hosted-fly \
--channels telegram,slack \
--integrations email,calendar \
--security-status pending \
--rollback-tested no \
--blocking-issues "none" \
--next-owner operator \
--next-action-date 2026-02-20
2) Generate a Decision-Complete Plan
Always generate a plan first:
python3 scripts/plan_openclaw_rollout.py \
--mode hosted \
--provider fly \
--os linux \
--channels telegram,slack \
--integrations email,calendar \
--environment prod \
--exposure public \
--ledger-file ./openclaw-manager-operations-ledger.md \
--output /tmp/openclaw-rollout.md
The plan output is the execution contract. Do not skip sections.
3) Validate Secrets and Config Profile Before Any Infra Change
Validate environment using profile-aware gates:
python3 scripts/validate_openclaw_env.py \
--env-file .env \
--profile hosted-fly \
--json
Validation enforces:
- required keys by profile
- required provider/model alternatives
- malformed and duplicate env keys
- placeholder values
- weak gateway/setup tokens
- legacy alias warnings
Write a predeploy_validation ledger entry immediately after validation.
4) Execute Mode Branch
Branch A: Local install (mode=local)
- Use official install/onboarding docs for local setup.
- Apply OS-specific commands from
references/openclaw-os-matrix.md. - Validate startup, persistence path, and local auth boundaries.
- If local public exposure is requested, apply gateway hardening gates from security checklist first.
Branch B: Hosted clone + deploy (mode=hosted)
- Clone the selected OpenClaw source repo.
- Follow provider playbook from
references/openclaw-doc-map.md. - Configure persistent storage before production traffic.
- Configure ingress/auth, secrets, and health checks.
- Verify runtime logs for startup/auth errors and secret leakage.
Write a deploy_complete ledger entry once deployment/install is complete.
5) Configure Channels and Integrations Safely
For each selected channel/integration:
- inject credentials via secret manager/env only
- run a minimal smoke test
- verify auth boundaries and error logging safety
Track each item as:
configuredpending_credentialsblocked
Use references/openclaw-integrations-playbook.md for email/calendar specifics.
6) Agent + Memory Baseline
Document and validate:
- memory persistence strategy
- retention expectations
- restart and recovery behavior
- agent behavior boundaries
Update ledger with operational baseline decisions.
7) Mandatory Security Gate
Run references/openclaw-security-checklist.md and produce pass/fail per gate.
No go-live if any mandatory gate fails.
Write a security_gate ledger entry with explicit blockers (if any).
8) Handover and Incident Readiness
Produce:
- provider status summary
- channel + integration matrix
- security gate table
- rollback and escalation ownership
- follow-up actions by risk order
Write handover ledger entry. For incidents/troubleshooting, append incident entries as events happen.
Output Contract
Always return:
- Mode/provider/OS/environment status summary
- Security gate results (hard pass/fail)
- Channel + integration matrix
- Agent + memory configuration summary
- Ops ledger update confirmation (event names written)
- Follow-up actions ordered by risk
Related Skills
hollaugo/website-manager
tools
VerifiedTrustedCommunity
Create, recreate, redesign, publish, and operate websites managed from Notion, including blogs, CMS-driven sections, widgets, filtering/search interactions, SEO/AEO/GEO improvements, and lightweight deployment workflows. Use when a user wants one skill that can both build and manage a website over time, with OpenClaw-friendly automation but no hard dependency on OpenClaw-specific tooling.
SKILL.mdUpdated Apr 28, 2026
hollaugo/shopify-pilot
tools
VerifiedTrustedCommunity
Connect OpenClaw to the Shopify Admin API and run agent-driven store workflows. Covers authentication setup (client credentials grant), token management, and eight ready-to-run use cases: PDP rewrite, weekly store digest, competitive intelligence, abandoned cart recovery, flash sale planner, low stock alert, customer VIP report, and product launch prep. Use this skill when the user asks about connecting OpenClaw to Shopify, automating any Shopify store task, setting up Shopify API credentials, or running any of the eight use cases.
SKILL.mdUpdated Apr 28, 2026
hollaugo/mcp-app-builder
tools
VerifiedTrustedCommunity
Build new MCP Apps (MCP servers with React UI output) using @modelcontextprotocol/ext-apps and the MCP SDK. Use when asked to scaffold or implement MCP App servers, add UI-rendering tools/resources, or migrate a standard MCP server to an MCP App with Vite single-file UI bundles.
SKILL.mdUpdated Apr 28, 2026
hollaugo/crm-inbound-orchestrator
business
VerifiedTrustedCommunity
Hourly CRM inbound orchestrator for three inboxes using Notion-synced SOP, strict business-lead filtering, Supabase persistence, and actionable-only Slack reporting.
SKILL.mdUpdated Apr 28, 2026