by needsbuilder
One-click installer for OpenClaw AI agent. macOS & Windows.
# Add to your Claude Code skills
git clone https://github.com/needsbuilder/easyclawLast scanned: 6/27/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@babel/core: @babel/core: Arbitrary File Read via sourceMappingURL Comment",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "electron: Electron: AppleScript injection in app.moveToApplicationsFolder on macOS",
"severity": "high"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild allows arbitrary file read when running the development server on Windows",
"severity": "low"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "form-data: form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "js-yaml: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: lodash vulnerable to Code Injection via `_.template` imports key names",
"severity": "high"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "rollup: Rollup 4 has Arbitrary File Write via Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tar: tar has Hardlink Path Traversal via Drive-Relative Linkpath",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tmp: tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
"severity": "high"
},
{
"type": "npm-audit",
"message": "undici: Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"severity": "high"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "high"
}
],
"status": "WARNING",
"scannedAt": "2026-06-27T06:53:13.988Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}easyclaw is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by needsbuilder. One-click installer for OpenClaw AI agent. macOS & Windows. It has 126 GitHub stars.
easyclaw returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/needsbuilder/easyclaw" and add it to your Claude Code skills directory (see the Installation section above).
easyclaw is primarily written in TypeScript. It is open-source under needsbuilder on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh easyclaw against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
EasyClaw is a desktop installer that sets up OpenClaw AI agent without any terminal commands.
Download → Run → Enter API key — that's it. Three steps.
| OS | File | Link |
|---|---|---|
| macOS | .dmg |
Download |
| Windows | .exe |
Download |
You can also download from easyclaw.kr — it auto-detects your OS.
We're in the process of obtaining a Windows code signing certificate. You may see a security warning during installation.
- VirusTotal scan result — 0 detections across 94 antivirus engines
- Fully open source — anyone can inspect the code
- Built with GitHub Actions CI/CD — transparent build process
| Area | Technology |
|---|---|
| Framework | Electron + electron-vite |
| Frontend | React 19 + Tailwind CSS 4 |
| Language | TypeScript |
| Build/CI | electron-builder + GitHub Actions |
| Code Sign | Apple Notarization (macOS) / SignPath (Windows, pending) |
npm install # Install dependencies
npm run dev # Development mode (electron-vite dev)
npm run build # Type check + build
npm run lint # ESLint
npm run format # Prettier
Platform-specific packaging:
npm run build:mac-local # macOS local build
npm run build:win-local # Windows local build
Note: macOS code signing requires
APPLE_ID,APPLE_APP_SPECIFIC_PASSWORD,APPLE_TEAM_ID,CSC_LINK,CSC_KEY_PASSWORDenvironment variables. Without them, the app will be built unsigned.
src/
├── main/ # Main process (Node.js)
│ ├── services/ # Env check, installer, onboarding, gateway
│ └── ipc-handlers # IPC channel router
├── preload/ # contextBridge (IPC API bridge)
└── renderer/ # React UI (7-step wizard)
api/ # Vercel serverless functions
docs/ # Landing page (easyclaw.kr)
Contributions are welcome! Please read CONTRIBUTING.md before getting started.
Built on OpenClaw (MIT License) by the openclaw team.