OpenClaw Master Ops

v1.1.0

The definitive OpenClaw operations & expertise skill. Combines CLI mastery, gateway administration, security auditing, troubleshooting, channel management, a...

⭐ 0· 91·0 current·0 all-time

by@autosolutionsai-didac

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for autosolutionsai-didac/autosolutions-openclaw-master-ops.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "OpenClaw Master Ops" (autosolutionsai-didac/autosolutions-openclaw-master-ops) from ClawHub.
Skill page: https://clawhub.ai/autosolutionsai-didac/autosolutions-openclaw-master-ops
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install autosolutions-openclaw-master-ops

ClawHub CLI

Package manager switcher

npx clawhub@latest install autosolutions-openclaw-master-ops

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description align with the content: SKILL.md documents gateway/agent/channel/security operations and troubleshooting, and included code (release-tracker.py) implements the release-tracking functionality described. The operations and release-tracking behaviour are coherent with the stated purpose. Minor mismatch: the skill does not declare required binaries (openclaw CLI, python3, sqlite3) even though both the documentation and script assume them.

ℹ

Instruction Scope

Instructions instruct the agent/operator to run many privileged operational CLI commands (start/stop gateway, security audit, secrets get/set, kill sessions, add cron jobs, edit files under a workspace). Those are expected for an ops skill, but they legitimately touch sensitive data (secrets, credentials/, sessions/) and local filesystem state. The SKILL.md and references include hardcoded user paths (e.g., /home/marius/.openclaw/..., /home/marius/.npm-global/...), which is sloppy and could cause accidental writes or misdirected paths if followed verbatim.

✓

Install Mechanism

No install spec (instruction-only plus included small script) — lowest install risk. The Python script is included in the package rather than downloaded at install time, so there's no remote arbitrary code download in the install spec.

ℹ

Credentials

The skill requests no environment variables or credentials in metadata, which is consistent with an instruction-only ops skill. However, runtime commands (openclaw secrets, openclaw doctor --generate-gateway-token, cron jobs that run scripts) will access local credentials and secret stores via the openclaw CLI if executed. The SKILL.md does not declare that the openclaw CLI and python3 are required, and it does not warn about the script reading local docs under a specific home directory; both omissions reduce transparency.

✓

Persistence & Privilege

always is false and the skill is not requesting forced permanent presence. It suggests adding cron jobs to run the release-tracker, which is a normal ops pattern. The skill does not attempt to modify other skills or system-wide agent configs in the materials provided.

Assessment

This skill is broadly coherent for OpenClaw operations, but review before installing: (1) ensure you have python3, sqlite3 and the openclaw CLI available — the pack does not declare them; (2) inspect scripts/release-tracker.py for any hardcoded paths or commands and adjust paths (the docs reference /home/marius) before scheduling cron jobs; (3) be aware the skill's runtime commands will legitimately access secrets and local credential/session files via the openclaw CLI — only run on a host/account you trust; (4) if you do not want autonomous runs of cron or automated repairs, avoid scheduling the suggested cron jobs or restrict the skill's ability to run unattended. If you want higher assurance, ask the publisher for a signed source or a versioned upstream repository and a manifest listing required binaries and intended file paths.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dve85scr1v49x6xpxp3b0ys859vzr

91downloads

0stars

2versions

Updated 1w ago

v1.1.0

MIT-0

OpenClaw Master Operations

The comprehensive OpenClaw operations skill — combining CLI mastery, gateway administration, security hardening, troubleshooting workflows, and production best practices.

When to Use This Skill

Use this skill whenever the user needs to:

Set up OpenClaw — Installation, initial config, onboarding, multi-node deployments
Operate the Gateway — Start/stop/restart, bind modes, auth, discovery, Tailscale exposure
Debug issues — Connection failures, auth errors, channel problems, agent crashes, exec failures
Harden security — Audit config, fix permissions, tighten group policies, SecretRef management
Manage channels — Telegram, WhatsApp, Discord, Slack, Signal setup and troubleshooting
Configure agents/models — Model routing, sandbox settings, tool profiles, ACP harness setup
Automate operations — Cron jobs, scheduled tasks, watchdogs, health monitoring
Manage plugins/skills — Install, update, publish to ClawHub, troubleshoot plugin conflicts
Respond to incidents — Gateway crashes, session corruption, credential expiry, approval failures

Core Principles

1. Safety First

Back up before destructive actions — Always backup openclaw.json, credentials/, sessions/ before --fix operations
Prefer trash over rm — Use recoverable deletion when cleaning up state
Verify before applying — Show users what will change before running --fix or --repair commands
SecretRef awareness — Know when config values are secret-managed vs plaintext

2. Diagnostic Discipline

Follow this triage sequence for any OpenClaw issue:

1. Check gateway status → openclaw gateway status
2. Run health check → openclaw doctor
3. Inspect logs → openclaw logs --recent 50
4. Verify auth → openclaw gateway query whoami
5. Check channels → openclaw channels list
6. Test exec → openclaw exec "echo test"
7. Security audit → openclaw security audit

3. Output Hygiene

Prefer --json for automation — Machine-readable output for scripts/CI
Use --no-color in logs — Clean output for cron/webhook contexts
Redact sensitive data — Never log tokens, passwords, or credential paths

Command Reference

Gateway Operations

# Start/Stop/Restart
openclaw gateway start
openclaw gateway stop
openclaw gateway restart
openclaw gateway status

# Run in foreground (dev)
openclaw gateway run --bind loopback --auth token

# Query running gateway
openclaw gateway query whoami
openclaw gateway query sessions
openclaw gateway query channels
openclaw gateway query nodes

# Discovery (find gateways on network)
openclaw gateway discover
openclaw gateway discover --wide  # DNS-SD beyond local network

Health & Diagnostics

# Quick health check
openclaw doctor

# Auto-repair common issues
openclaw doctor --repair
openclaw doctor --repair --non-interactive

# Deep scan (includes system services)
openclaw doctor --deep

# Generate gateway token
openclaw doctor --generate-gateway-token

Security Operations

# Security audit
openclaw security audit
openclaw security audit --deep
openclaw security audit --json | jq '.summary'

# Apply safe fixes
openclaw security audit --fix
openclaw security audit --fix --json

# Manage secrets
openclaw secrets list
openclaw secrets get <name>
openclaw secrets set <name> <value>
openclaw secrets delete <name>

Channel Management

# List channels
openclaw channels list
openclaw channels list --json

# Channel status
openclaw channels status telegram
openclaw channels status whatsapp

# QR codes (for WhatsApp/Telegram bot setup)
openclaw qr show telegram
openclaw qr show whatsapp

# Channel troubleshooting
openclaw channels repair telegram
openclaw channels repair whatsapp

Node & Agent Management

# List nodes
openclaw nodes list
openclaw nodes status

# Node pairing
openclaw node pair
openclaw node unpair <node-id>
openclaw pairing list

# Agent management
openclaw agents list
openclaw agent status <agent-id>
openclaw agent restart <agent-id>

# ACP harness (Claude Code, Cursor, etc.)
openclaw acp list
openclaw acp status

Session Management

# List sessions
openclaw sessions list
openclaw sessions list --active-minutes 30
openclaw sessions list --kinds subagent

# Session history
openclaw sessions history <session-key>
openclaw sessions history <session-key> --limit 50 --include-tools

# Send to session
openclaw sessions send <session-key> "message here"

# Kill session
openclaw sessions kill <session-key>

Cron & Automation

# List cron jobs
openclaw cron list
openclaw cron list --json

# Manage jobs
openclaw cron add "0 6 * * *" "openclaw doctor --repair"
openclaw cron remove <job-id>
openclaw cron run <job-id>

# Heartbeat management
openclaw heartbeat status
openclaw heartbeat run

Plugin & Skill Management

# Skills (ClawHub)
clawhub install <skill-slug>
clawhub update <skill-slug>
clawhub update --all
clawhub list
clawhub search "<query>"

# Plugins
openclaw plugins list
openclaw plugins install <plugin-name>
openclaw plugins update <plugin-name>
openclaw plugins remove <plugin-name>

Logs & Debugging

# Recent logs
openclaw logs --recent 100
openclaw logs --follow
openclaw logs --level debug

# Gateway logs
openclaw logs gateway --recent 50

# Agent logs
openclaw logs agent <agent-id> --recent 50

# Export logs
openclaw logs export ./logs-backup.tar.gz

Config Management

# View config
openclaw config list
openclaw config get <key>
openclaw config get gateway.auth.token

# Set config
openclaw config set <key> <value>
openclaw config set gateway.mode local

# Delete config
openclaw config delete <key>

# Backup/Restore
openclaw backup create
openclaw backup list
openclaw backup restore <backup-id>

System Operations

# System status
openclaw system info
openclaw system status
openclaw system resources

# Update OpenClaw
openclaw update
openclaw update --preview

# Reset (careful!)
openclaw reset --keep-channels
openclaw reset --all  # Full reset

Troubleshooting Playbooks

Gateway Won't Start

# 1. Check if something's using the port
lsof -i :18789
netstat -tlnp | grep 18789

# 2. Kill existing process
openclaw gateway stop --force

# 3. Check config
openclaw config get gateway.mode
openclaw config get gateway.bind

# 4. Run doctor
openclaw doctor --repair

# 5. Check logs
openclaw logs gateway --recent 100

"Pairing Required" Errors

# 1. Check pairing status
openclaw pairing list

# 2. Re-pair node
openclaw node pair

# 3. If still failing, reset pairing
openclaw config delete nodes.paired
openclaw node pair

# 4. For mobile apps, show QR
openclaw qr show

Channel Auth Failures

# 1. Check channel status
openclaw channels status <channel>

# 2. Verify credentials exist
ls -la ~/.openclaw/credentials/

# 3. Re-authenticate
openclaw channels auth <channel>

# 4. For Telegram/WhatsApp, regenerate QR
openclaw qr show <channel>

Exec Approval Timeouts

# 1. Check approval config
openclaw config get gateway.nodes.allowCommands
openclaw config get gateway.nodes.denyCommands

# 2. Check pending approvals
openclaw approvals list

# 3. For known-safe commands, add to allowlist
openclaw config set gateway.nodes.allowCommands '["ls", "cat", "grep"]'

# 4. Restart gateway
openclaw gateway restart

Session Corruption

# 1. List sessions
openclaw sessions list

# 2. Kill problematic session
openclaw sessions kill <session-key>

# 3. Clean up orphaned transcripts
openclaw doctor --repair

# 4. If severe, reset sessions
openclaw reset --sessions-only

Model/API Errors

# 1. Check model config
openclaw config get agents.defaults.model

# 2. Test inference
openclaw infer --model qwen/qwen3.5-plus "Hello"

# 3. Check provider status
openclaw models list

# 4. Rotate API keys if needed
openclaw secrets set OPENAI_API_KEY <new-key>

Security Hardening Checklist

Run these periodically (weekly for production):

# 1. Security audit
openclaw security audit --deep

# 2. Apply safe fixes
openclaw security audit --fix

# 3. Check for exposed secrets
openclaw secrets list --show-metadata

# 4. Verify channel allowlists
openclaw config get channels.telegram.allowFrom
openclaw config get channels.whatsapp.allowFrom

# 5. Check group policies
openclaw config get channels.telegram.groupPolicy
openclaw config get channels.whatsapp.groupPolicy

# 6. Audit installed plugins
openclaw plugins list
clawhub list

# 7. Review recent sessions
openclaw sessions list --active-minutes 1440

# 8. Check for updates
openclaw update --check

Production Best Practices

1. Use SecretRef for Sensitive Values

{
  "gateway.auth.token": {
    "$secretRef": "gateway-token"
  },
  "channels.telegram.token": {
    "$secretRef": "telegram-bot-token"
  }
}

2. Enable Sandbox Mode

openclaw config set agents.defaults.sandbox.mode on
openclaw config set agents.defaults.sandbox.docker true

3. Configure Session DM Scope

For shared inboxes:

openclaw config set session.dmScope per-channel-peer

4. Set Up Monitoring Cron

# Health check every 30 minutes
openclaw cron add "*/30 * * * *" "openclaw doctor --non-interactive"

# Security audit weekly
openclaw cron add "0 3 * * 0" "openclaw security audit --deep --json > ~/security-audit.json"

5. Enable Logging Redaction

openclaw config set logging.redactSensitive tools

6. Configure Model Routing

# Default model for agents
openclaw config set agents.defaults.model.primary qwen/qwen3.5-plus

# Fallback model
openclaw config set agents.defaults.model.fallback zai/glm-5

# Model for specific tasks
openclaw config set agents.defaults.model.reasoning qwen/qwen3.5-plus

Quick Reference: Command Families

Family	Commands	Use When
Gateway	`gateway start/stop/status/query`	Managing the WebSocket server
Health	`doctor`, `health`	Diagnosing issues
Security	`security audit`, `secrets`	Hardening config
Channels	`channels list/status/repair`, `qr`	Channel setup/debug
Nodes	`nodes list`, `node pair`, `pairing`	Multi-node setups
Agents	`agents list`, `agent status`, `acp`	Agent management
Sessions	`sessions list/history/send/kill`	Session orchestration
Cron	`cron list/add/run/remove`	Automation
Plugins	`plugins list/install/update`	Plugin management
Skills	`clawhub install/update/search`	Skill management
Config	`config list/get/set/delete`	Config changes
Logs	`logs --recent/--follow`	Debugging
System	`system info/status/update`	System ops

Escalation Paths

When standard troubleshooting fails:

Check official docs — openclaw docs or https://docs.openclaw.ai
Search ClawHub — clawhub search "<topic>" for relevant skills
Check GitHub issues — https://github.com/openclaw/openclaw/issues
Discord community — https://discord.gg/clawd
Enable debug logging — openclaw config set logging.level debug

Notes

Profile isolation — Use --profile <name> to isolate state: openclaw --profile dev gateway
Dev mode — Use --dev flag for isolated dev environment: openclaw --dev gateway
Container targeting — Use --container <name> to target specific containers
JSON output — Add --json for machine-readable output in all commands
No color — Add --no-color or set NO_COLOR=1 for clean logs

Release Tracking

This skill includes automated OpenClaw release tracking to stay current with frequent updates.

Database

Location: skills/openclaw-master-ops/release-history.db

Tracks:

Release versions and changelogs
Breaking changes (auto-detected)
Skill knowledge verification status

Commands

cd /home/marius/.openclaw/workspace/skills/openclaw-master-ops

# Sync latest releases from GitHub
python3 scripts/release-tracker.py sync

# View release history
python3 scripts/release-tracker.py history

# Check breaking changes
python3 scripts/release-tracker.py breaking

# Check if skill needs updates
python3 scripts/release-tracker.py skill-update

# Export for skill context
python3 scripts/release-tracker.py export

Automated Sync (Cron)

# Weekly sync (Sundays 3 AM)
openclaw cron add "0 3 * * 0" "cd ~/.openclaw/workspace/skills/openclaw-master-ops && python3 scripts/release-tracker.py sync"

# Daily check for updates
openclaw cron add "0 8 * * *" "cd ~/.openclaw/workspace/skills/openclaw-master-ops && python3 scripts/release-tracker.py skill-update"

When OpenClaw Updates

After running openclaw update:

Run sync — python3 scripts/release-tracker.py sync
Check breaking — python3 scripts/release-tracker.py breaking
Review skill updates — python3 scripts/release-tracker.py skill-update
Update skill if needed — Edit SKILL.md based on breaking changes
Republish — clawhub publish ... --version 1.X.0 --changelog "Updated for OpenClaw <version>"

Breaking Change Detection

Auto-detects these patterns in changelogs:

removed → feature_removal
deprecated → deprecation
breaking → breaking_change
migration → migration_required
changed default → default_change
config schema → config_change
command removed → command_removal

See references/release-tracking.md for full workflow.

Related Skills

deep-research — For researching OpenClaw topics, comparing configurations
plugin-publisher — For creating and publishing OpenClaw plugins
npd-validator — For validating new OpenClaw feature ideas

Comments

Loading comments...