ClawHub

Openclaw Push Doctor

v1.0.2

openclaw-healthcheck is a self-diagnostic skill that checks and repairs openclaw's communication channels and scheduled tasks. It diagnoses Feishu/lark-cli a...

0· 41·0 current·0 all-time
byCosmos Fang@cosmofang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the scripts: checks Feishu (lark-cli), Telegram, WeChat bridge, and cron tasks. Declared binaries (curl, python3, pgrep, lark-cli, crontab) and optional env vars (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, OPENCLAW_CONFIG_DIR, FEISHU_APP_ID) are appropriate for the stated checks.
Instruction Scope
The SKILL.md and scripts instruct the agent/operator to read local files (~/.openclaw/*), inspect logs, run curl against Telegram APIs, check processes with pgrep, and (when fixing) export/edit/import system crontab lines and restart daemons. Those actions are within the tool's purpose, but they involve access to local state and potentially destructive crontab changes. Also: the SKILL.md declares OPENCLAW_CONFIG_DIR as an override, but most scripts hardcode ~/.openclaw instead of reading that env var — a minor inconsistency to be aware of.
Install Mechanism
No install spec (instruction-only) and included scripts are prompt/guidance generators (they print shell steps). There is no download-from-URL or archive extraction. Risk from install mechanism is low.
Credentials
No required secrets are demanded by the skill. Optional env vars (Telegram token/chat id, Openclaw config dir, Feishu app id) are reasonable and used in scripts. The skill explicitly warns not to paste tokens into chat and instructs the user to set tokens in their terminal — consistent with least exposure.
Persistence & Privilege
Registry metadata shows always:false and metadata.openclaw.disable-model-invocation:true (skill will not be autonomously invoked by the model), which reduces autonomous risk. The skill's runtime guidance can modify the user's crontab and local configs, but actions that change crontab are gated behind explicit user confirmation per the scripts.
Assessment
This skill is coherent for diagnosing and repairing Openclaw push channels and cron tasks, but it does read your ~/.openclaw config, logs, and system crontab and can apply crontab edits or restart services if you confirm. Before installing or running: (1) review/backup your crontab and ~/.openclaw directory; (2) don't paste tokens into the chat — follow the skill's guidance to set tokens in your terminal; (3) note the small inconsistency where scripts use ~/.openclaw rather than honoring OPENCLAW_CONFIG_DIR — adjust commands or paths if you store configs elsewhere; (4) only allow dedup/apply steps after you inspect the proposed crontab diff and explicitly confirm. If you want extra safety, run the check scripts first (diagnostic mode) and avoid the --fix/--dedup actions until you are comfortable.

Like a lobster shell, security has layers — review code before you run it.

latestvk979p62kp110yb8czk2n4gwe61849m59

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments