ClawHub

ground-control

v0.3.5

Post-upgrade verification system for OpenClaw. Defines a model/cron/channel ground truth file and a 5-phase automated verification flow (config integrity, AP...

0· 339·0 current·0 all-time
byJonathan Jing@jonathanjing
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match what it does: 5-phase verification and optional auto-repair of config and cron. The capabilities it needs (read/patch config, list/update cron, spawn sessions, send messages) are coherent and necessary for those features.
Instruction Scope
All runtime instructions are contained to OpenClaw primitives (gateway, cron, sessions_spawn, message). The skill explicitly instructs the agent to redact sensitive nodes (auth/plugins/credentials) and to never log literal secrets. It reads runtime config and writes a non-sensitive report to memory/ and an ops channel (expected). This is scoped appropriately, but it relies on correct runtime enforcement of the redaction rules — a buggy agent implementation could still leak secrets.
Install Mechanism
Instruction-only skill with no install spec and no downloaded code. Lowest-risk install mechanism.
Credentials
The skill declares no environment variables or external credentials. It uses the platform's existing runtime capabilities to probe provider liveness and channels; this is proportional to its stated purpose.
Persistence & Privilege
The skill can auto-patch runtime config and cron (powerful operations). Auto-fix is bounded by guardrails (dry-run, pause if >3 fields changed, logs before/after). Users should ensure the agent has only necessary permissions and that backups are available before enabling auto-fix.
Assessment
This skill is internally consistent for post-upgrade verification, but it performs powerful changes (gateway config.patch and cron update). Before installing: 1) Ensure the controlling agent has appropriate, least-privilege permissions; 2) Back up your runtime config; 3) Run the skill in --dry-run / report-only mode first to inspect the drift report and confirm redaction behavior; 4) Confirm the ops channel destination is internal and not an external webhook; 5) Review MODEL_GROUND_TRUTH.md to ensure it contains no secrets or credentials. If you rely on the skill's zero-secret logging, audit its first few runs to verify no secret leakage occurs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97356k7zktfby6z53tmbh2521829hm1
339downloads
0stars
10versions
Updated 1mo ago
v0.3.5
MIT-0
Jonathan Jing@jonathanjing
latest
Download

ground-control

Post-upgrade verification for OpenClaw. Keeps your system honest after every upgrade.

🛠️ Installation

1. Ask OpenClaw (Recommended)

Tell OpenClaw: "Install the ground-control skill." The agent will handle the installation and configuration automatically.

2. Manual Installation (CLI)

If you prefer the terminal, run:

clawhub install ground-control

Permissions & Privileges

This skill requires the following OpenClaw capabilities:

  • gateway config.get — read current config (all phases)
  • gateway config.patch — auto-fix config drift (Phase 1 only)
  • cron list / cron update — verify and auto-fix cron jobs (Phase 3)
  • sessions_spawn — smoke test sessions (Phase 2, 4, 5)
  • message send — channel liveness test + summary report (Phase 5)

Auto-fix behavior: Phases 1 and 3 will automatically patch config/cron to match GROUND_TRUTH. Use --dry-run to disable auto-fix and get a report-only run.

Security & Redaction: This skill enforces a Zero-Secret Logging protocol.

  • Immediate Redaction: Sensitive nodes (auth, plugins) are stripped from memory after fetching runtime config.
  • Redacted Drift: Mismatches in sensitive fields are reported as [REDACTED_SENSITIVE_MISMATCH].
  • Functional Validation: API keys are tested through functional calls (Phase 2), never through literal comparison.
  • No Persistence: Literal credentials are never written to memory/ files or messaging channels.

Environment variables: None.

When to use

  • After running openclaw update or npm install -g openclaw@latest
  • When you suspect config drift (model changed, cron broken, channel down)
  • Periodic health check via /verify command

Setup

  1. Copy templates/MODEL_GROUND_TRUTH.md to your workspace root
  2. Fill in your actual config values (models, cron jobs, channels)
  3. Add the GROUND_TRUTH sync rule to your AGENTS.md (see README)
  4. Run /verify to test

Files

  • templates/MODEL_GROUND_TRUTH.md — Ground truth template (copy to workspace root)
  • scripts/post-upgrade-verify.md — Agent execution prompt for 5-phase verification
  • scripts/UPGRADE_SOP.md — Upgrade standard operating procedure

Comments

Loading comments...