Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openclaw-stable-running
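v1.0.0
OpenClaw 24/7 long-term stable operation solution: process supervision, restart on failure, reconnect on disconnect, resume from checkpoint, resource reclamation, and log monitoring. Ensures OpenClaw has zero crashes, zero disconnects, and zero missed executions. Essential for unattended operation.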
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (process/connection/backup/monitoring for OpenClaw) matches the provided systemd/PM2 scripts and health/cleanup/network monitors. However, the package does not declare required binaries or system privileges even though it assumes tools and paths (openclaw binary, systemctl, pm2, curl, ping, ip, /etc/systemd, /var/log, /home/openclaw). Not declaring these is an incoherence: the skill needs system-level capabilities but the metadata lists no requirements.
Instruction Scope
SKILL.md and scripts instruct actions beyond simple process supervision: writing a systemd unit (/etc/systemd), restarting services (systemctl/pm2), manipulating default network route (ip route replace), and deleting old logs/tmp files. These are plausible for HA tooling but are system-wide and potentially disruptive; some example code also references external APIs (OpenAI retry snippet, optional Uptime Kuma URL) and Redis connection logic — the instructions do not declare or limit the network endpoints or secret usage.
Install Mechanism
There is no install spec (instruction-only with scripts). That lowers installer risk because nothing is automatically downloaded/executed by an installer. The risk is instead in the manual system operations and scripts that the operator will run.
Credentials
The code references environment and credential values that are not declared in the registry metadata: e.g. process.env.REDIS_PASSWORD (references in task-resume), UPTIME_KUMA_URL, MAIN_IFACE/BACKUP_IFACE/CHECK_TARGET, and potentially API keys for LLM calls. The systemd example also points at an EnvironmentFile (/home/openclaw/.openclaw/.env). Requiring secrets (Redis password, LLM API key) without declaring them is a mismatch and increases the chance of misconfiguration or accidental exposure.
Persistence & Privilege
The skill does not request 'always', but the runtime actions require elevated privileges (writing service units, restarting system services, replacing default route) or being run as a privileged user (crontab entries writing to /var/log, ip route). That level of system presence is significant; the package does not call this out in metadata and could be disruptive if run with inappropriate privileges.
What to consider before installing
This package is a reasonably coherent set of scripts and instructions to keep an OpenClaw gateway running 24/7, but it assumes system-level privileges and several undeclared binaries/ENV values. Before installing or running anything:
1) Review every script line-by-line (the scripts will modify /etc/systemd, /var/log, /home/openclaw, and can change the default network route).
2) Ensure the 'openclaw' binary, pm2, systemctl, curl, ping, ip and other tools are present and trusted.
3) Identify and provision secrets the code expects (e.g., REDIS_PASSWORD, any LLM API key referenced, UPTIME_KUMA_URL), and store them securely — the skill metadata does not declare these.
4) Run first in a safe environment (VM/container) to observe behavior, especially network_monitor.sh which replaces default route and can cut network access.
5) Prefer running service installation steps with an administrator who understands systemd/iptables/routing and set up a dedicated least-privileged 'openclaw' user and proper file permissions.
If you cannot verify the above, treat the package as potentially risky and avoid running scripts as root on production hosts.
Like a lobster shell, security has layers — review code before you run it.
latestvk9714w7pvc4kmjr9kgdv0k212h83pse2
