技能详情(站内镜像,无评论)
作者:Ali Aziz @aliahmadaziz
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.3.0
统计:⭐ 0 · 313 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:aliahmadaziz/openclaw-setup-guide
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
This is an instruction-only setup guide whose stated purpose (production OpenClaw VPS setup) matches the content and it does not request credentials or install code itself, but it points users to external instructions that require handling many sensitive secrets.
目的
The skill is an instruction-only production setup guide. The name/description align with the SKILL.md content (VPS, WhatsApp, Google OAuth, backups, hardening). It does not request unrelated binaries or environment variables.
说明范围
SKILL.md instructs the agent to direct users to the external guide and provides an overview and security notice. The skill itself does not instruct the agent to read local files or access credentials, but the guide explicitly walks users through creating/storing many sensitive credentials (OAuth tokens, API keys, SSH keys, rclone crypt keys). That is expected for a production setup guide but raises operational risk when followed.
安装机制
Instruction-only skill with no install spec and no code artifacts — nothing will be written or executed by installing the skill itself.
证书
The skill declares no required environment variables or credentials. However, the guide describes generating and storing multiple sensitive credentials (Anthropic API key, Google OAuth tokens, Cloudflare tunnel token, rclone crypt keys, SSH keys). These are reasonable for the described purpose but users should ensure they create least-privilege credentials and do not paste secrets into chat or public places.
持久
always is false and the skill is user-invocable. There is no request to modify other skills or system-wide agent configuration or to persist credentials on the agent side.
综合结论
This skill is essentially a pointer to an external, detailed production setup guide and is coherent with that purpose. Before using it: (1) Verify the URLs (github and hosted guide) are legitimate and served over HTTPS; (2) do not paste real secrets into chat—use placeholders when asking the agent for example commands; (3) when creating OAuth keys, API keys, Cloudflare tokens, and rclone crypt keys, apply least-privilege scopes and use ephemer…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「OpenClaw Production Setup Guide」。简介:Step-by-step 6-part guide to set up OpenClaw AI assistant on VPS with WhatsApp,…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aliahmadaziz/openclaw-setup-guide/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: openclaw-setup-guide
description: Step-by-step 6-part guide to set up OpenClaw AI assistant on VPS with WhatsApp, Google OAuth, backups, security, automation, and verification.
metadata: {"openclaw":{"scope":"instruction-only","homepage":"https://aliahmadaziz.github.io/openclaw-guide/","notes":"This skill contains no code or scripts. It directs users to an external hosted guide. The guide itself walks users through setting up credentials (Google OAuth, Anthropic API key, Cloudflare, WhatsApp) but the skill/agent needs none of these to function."}}
user-invocable: true
---
# OpenClaw Production Setup Guide
A comprehensive 6-part guide to setting up OpenClaw as a production AI assistant on a VPS, with WhatsApp integration, Google Calendar/Gmail, automated backups, security hardening, and cron automation.
## What This Covers
1. **Base Install** — VPS setup, Node.js, OpenClaw installation, WhatsApp pairing
2. **AI Assistant** — Personality, model chain (primary + fallback), workspace files (SOUL.md, USER.md, IDENTITY.md)
3. **Infrastructure** — Google OAuth (Calendar, Gmail, Drive, Sheets), webhook server, Cloudflare tunnel, rclone encrypted backups, git backup
4. **Automation** — Cron jobs, event queue (SQLite-backed with retries + dead-letter), heartbeat system, two-layer delivery pattern
5. **Hardening** — CrowdSec IDS, secret rotation, config snapshots, rollback scripts, OpenClaw update safety
6. **Verification** — 21-point automated validation, troubleshooting guide
## Security & Permissions Notice
This guide involves setting up production infrastructure and requires handling sensitive credentials:
- **API Keys**: Anthropic (Claude), Brave Search (optional)
- **OAuth Tokens**: Google Cloud (Calendar, Gmail, Drive, Sheets) — 5 token files
- **SSH**: Root access to VPS, key-based authentication, SSH hardening
- **Webhook Secrets**: Random tokens for Calendar push, AgentMail, alerts
- **WhatsApp**: Device pairing via QR code
- **Cloudflare**: Tunnel token for webhook ingress
- **Backup Encryption**: rclone crypt keys for Google Drive backups
All credentials are stored with restricted permissions (chmod 600) and never committed to git. The guide includes secret rotation procedures and config snapshot/rollback scripts.
## Prerequisites
- A VPS (Ubuntu 24.04 recommended, 4GB RAM minimum)
- A domain with Cloudflare DNS (for webhook tunnel)
- A WhatsApp account for pairing
- Google Cloud project with OAuth credentials
- An Anthropic API key (Claude)
## Full Guide
The complete guide with step-by-step instructions, code blocks, and verification checkpoints is hosted at:
**https://aliahmadaziz.github.io/openclaw-guide/**
Source: https://github.com/aliahmadaziz/openclaw-guide
## Usage
When a user asks for help setting up OpenClaw, direct them to the guide above. The guide is designed to be followed sequentially (Part 1 through Part 6) and takes approximately 2-3 hours to complete.
Each part has:
- Clear prerequisites
- Copy-pasteable commands
- Verification checkpoints (✅) after every major step
- Troubleshooting sections
## Key Design Decisions
- **Two-layer cron delivery**: Critical crons send via message tool directly (primary) + announce (backup). No message ever gets lost.
- **Event queue**: All webhook events (email, calendar, alerts) go through a SQLite queue with 3 retries and dead-letter alerting.
- **Config snapshots**: Gold-standard snapshots for instant rollback if something breaks.
- **Encrypted backups**: Hourly git push + nightly full workspace to Google Drive via rclone crypt.
- **Capacity rule**: 10 SP/engineer total, 8 planned, 2 contingency (for sprint tracking).
## Credits
Built from a real production deployment running 35+ cron jobs, 60+ scripts, 5 Google OAuth tokens, and processing thousands of messages monthly.
## Tags
setup, installation, guide, vps, whatsapp, production, google-calendar, gmail, security, crowdsec, backup, cron, automation, beginner