Service Persistence

What to consider before installing: - Inspect and edit the scripts before deploying: replace hard-coded HOME (/Users/btai) and any absolute paths with variables or your own paths so they don't act on someone else's environment. - Pay special attention to scripts/restore-claude-telegram.sh: it launches a Claude process with '--dangerously-skip-permissions --permission-mode bypassPermissions' and a Telegram plugin. These flags likely disable built-in permission checks and could allow the process to access files, network endpoints, or credentials without further prompts. Remove or understand these flags before use. - The wrapper auto-accepts 'trust this folder' prompts by sending Enter to tmux panes. This can silently approve prompts that affect file access or authorization—remove auto-confirm behavior or require manual intervention for sensitive prompts. - Test in an isolated account or VM first. Verify what each LaunchAgent will run, check logs in ~/.openclaw/logs, and confirm no unexpected network connections or access to secrets occur. - If you only need non-interactive services, prefer Tier 1 LaunchAgents with explicit ProgramArguments and avoid tmux wrappers. For interactive services, require manual approval rather than automatic trust/confirmation. - After deployment, review ~/Library/LaunchAgents entries and the actual plist contents; uninstall (launchctl unload and remove plist) if behavior is unexpected. If you want, I can (1) produce a sanitized version of these scripts that remove auto-confirm and permission-bypass flags, (2) generate a checklist of exact lines to change for your username and paths, or (3) walk through a safe test plan to validate the skill in a sandbox.