ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

System Selfcheck

v1.2.0

系统自检:一键诊断 OpenClaw 运行环境,输出结构化报告。 检查系统资源、运行时依赖、网络连通性、API 配置、Skills 状态。 预留 MiClaw / Hermes 平台适配。

0· 93·0 current·0 all-time
by@aaroncxxx

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aaroncxxx/system-selfcheck.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "System Selfcheck" (aaroncxxx/system-selfcheck) from ClawHub.
Skill page: https://clawhub.ai/aaroncxxx/system-selfcheck
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install system-selfcheck

ClawHub CLI

Package manager switcher

npx clawhub@latest install system-selfcheck
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The script's checks (system, memory, disk, deps, network, OpenClaw gateway/config/skills, and presence of MIMO_API_KEY/ClawHub token) match the skill description. Minor inconsistency: the registry metadata lists no required env vars, yet the script checks MIMO_API_KEY and CLAWHUB_TOKEN and reads config paths (~/.openclaw/openclaw.json, ~/.config/clawhub/config.json). This is coherent with purpose but the metadata omission should be noted.
!
Instruction Scope
SKILL.md plus scripts instruct running a shell script that performs many system checks and (optionally) mutating actions. The `--fix` path installs packages and runs tools that reach out to the network. The script calls `npx clawhub@latest whoami` (executes code downloaded from npm), runs curl against external endpoints, and uses package managers (pip3, apt-get) to install software. These behaviors go beyond passive diagnostics and grant the skill the ability to modify the host and execute remote code.
!
Install Mechanism
There is no formal install spec (instruction-only), which is low risk by itself, but the script itself performs runtime installs: pip3 install (--break-system-packages), apt-get install -y, and npx invocation. Those are effectively dynamic installs of third-party code at runtime and are a higher-risk install mechanism because they pull and execute remote code and may require elevated privileges.
Credentials
The script only checks for presence of MIMO_API_KEY and CLAWHUB_TOKEN (and does not print their values), which is proportionate to a platform health check. However, these env vars were not declared in the skill metadata. Additionally, invoking `npx clawhub@latest whoami` may interact with local auth state and could cause remote code to access credentials implicitly if present; this should be considered when deciding to run the script.
!
Persistence & Privilege
The skill is not force-included (always:false) and does not modify other skills' configs, but the `--fix` option performs system modifications (apt/pip installs) that typically require root and can change the runtime environment. Running with elevated privileges or scheduling the script (cron example in SKILL.md) increases risk because the skill can autonomously alter the host if invoked with `--fix` or if an operator runs it without reviewing.
What to consider before installing
This skill appears to perform the advertised diagnostics, but take care before using its auto-fix mode. Steps to reduce risk: 1) Run the script without `--fix` first to see findings. 2) Inspect the full script source yourself (you already have it) and confirm you trust the remote endpoints it touches (github.com, api.xiaomimimo.com, clawhub.ai, npm registry). 3) Avoid `--fix` on production hosts or run it in a sandbox/container where package installs won't affect critical systems. 4) Be cautious about the npx invocation — it executes code fetched from the npm registry; if you need that check, consider replacing it with a local, pinned tool. 5) If you plan to schedule automatic runs, do not enable `--fix` in unattended cron jobs and ensure the user account used has only the permissions you intend.

Like a lobster shell, security has layers — review code before you run it.

latestvk970xaada8tq3t4rv2n7af66xh85nwre
93downloads
0stars
2versions
Updated 1d ago
v1.2.0
MIT-0
@aaroncxxx
latest
Download

系统自检 System Self-Check

一键诊断 Agent 运行环境,输出结构化健康报告。

关于作者 — 十五年老米粉了!!冲!!!

功能清单:

  • ✅ 系统/内存/磁盘/CPU 检查
  • ✅ Python/Node/ffmpeg/jq 依赖检测
  • ✅ GitHub/MiMo API/ClawHub 网络连通性
  • ✅ OpenClaw Gateway/Config/Skills/API Keys
  • --brief 精简 / --json 结构化 / --fix 自动修复
  • ✅ 预留 MiClaw/Hermes 平台入口
  • ✅ 告警阈值(内存 ⚠️<30% 🔴<10%,磁盘同理,网络 ⚠️>3s 🔴超时)

When to Use

SituationUse this skill?
用户说"系统自检" / "健康检查" / "status check" / "diagnostics"✅ Yes
排查环境问题(依赖缺失、网络不通、配置错误)✅ Yes
定期巡检(配合 cron 定时执行)✅ Yes
部署后验证环境是否就绪✅ Yes

Usage

bash "{baseDir}/scripts/selfcheck.sh" [options]

Options

FlagDescription
--brief精简模式,只显示问题项
--jsonJSON 格式输出
--fix自动修复可修复的问题(安装缺失依赖等)
--platform <name>强制指定平台:openclaw / miclaw / hermes(默认自动检测)

Examples

# 完整自检
bash "{baseDir}/scripts/selfcheck.sh"

# 只看问题
bash "{baseDir}/scripts/selfcheck.sh" --brief

# JSON 输出(方便程序消费)
bash "{baseDir}/scripts/selfcheck.sh" --json

# 自动修复
bash "{baseDir}/scripts/selfcheck.sh" --fix

检查项

通用检查(所有平台)

模块检查内容告警阈值
系统OS、内核、CPU 核数/架构、主机名
内存总量/可用/百分比⚠️ <30% 可用 / 🔴 <10%
磁盘总量/已用/可用⚠️ <30% 可用 / 🔴 <10%
运行时Python、Node 版本
核心依赖ffmpeg、jq、curl、git缺失即 🔴
网络GitHub、MiMo API、ClawHub 连通性⚠️ >3s / 🔴 超时

OpenClaw 专属检查

检查项内容
Gateway运行状态
配置文件~/.openclaw/openclaw.json 完整性
Skills已安装列表 + 缺失依赖
API KeysMIMO_API_KEY / ClawHub Token(仅检查存在,不输出值)

预留平台(TODO)

  • MiClawcheck_miclaw.sh — MiMo Agent 平台适配
  • Hermescheck_hermes.sh — Hermes Agent 平台适配

输出格式

⚡ System Self-Check Report — OpenClaw
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[Platform]  ⚠️ OpenClaw 2026.3.12 (latest: 2026.4.24)
[System]    ✅ Linux 6.8.0 | Xeon × 2 | x86_64
[Memory]    ✅ 3499M total / 2529M available (72%)
[Disk]      ✅ 40G / 30G free (22%)
[Runtime]   ✅ Python 3.12.3 | Node v22.22.1
[Deps]      ✅ ffmpeg 6.1.1 | jq ✅ | curl ✅ | git ✅
[Network]   ✅ github.com 200 (1.2s)
[Network]   ✅ api.xiaomimimo.com 200 (0.3s)
[Skills]    ✅ 42 installed (/root/.openclaw/skills)
[API Keys]  ✅ MIMO_API_KEY | ✅ ClawHub Token
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Summary: 12 passed | 1 warning | 0 failed

版本历史

v1.2 (2026-04-27)

  • 🍎 macOS 内存检测改用 vm_stat,正确计算可用内存(free + speculative pages)
  • 📂 Skills 路径动态获取:优先 openclaw config get skills.dir,不再硬编码
  • 🔄 OpenClaw 版本对比:从 npm registry 拉取最新版本,落后时 warn 提示
  • --brief 模式无问题时输出 "All clear ✅"

v1.0.1 (2026-04-24)

  • 🚀 首发:系统自检 Skill,支持 OpenClaw 平台,预留 MiClaw/Hermes,三种输出模式,告警阈值

定时自检(Cron)

通过 OpenClaw cron 定期执行:

schedule: "0 9 * * *"   # 每天早上 9 点
payload: "执行系统自检并报告异常"

交付格式

  • 默认:直接回复结构化文本报告
  • --json:回复 JSON 格式
  • --brief:只回复问题项,无问题则回复 "All clear ✅"

Comments

Loading comments...