Heartbeat Ollama Guard
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its advertised local heartbeat-guard purpose, but it installs a persistent auto-reverting service and contains unsafe macOS notification command construction.
Install only if you intentionally want a background service that enforces the local Ollama heartbeat setting. Review the generated guard config and service files, keep backups, validate model names, and prefer a patched version that safely escapes macOS notification text.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
On macOS, a crafted guard configuration or model value containing AppleScript syntax could cause the persistent guard to run unintended AppleScript when it sends a notification.
The guard daemon builds AppleScript source using f-string interpolation, and the notification body includes the expected model value read from the guard config. The visible code does not escape quotes or validate the text before passing it to osascript.
script = (f'display notification "{body}" with title "{title}" ' ...); ... f"改回: {expected}"
Escape AppleScript strings or use a safer notification API, and validate model/config values to a strict Ollama model-name pattern before storing or displaying them.
If installed and forgotten, the guard may keep undoing later heartbeat model changes until the guard config is updated or the guard is uninstalled.
The skill intentionally installs a long-running guard that checks configuration every 60 seconds and reverts changes it considers unauthorized.
Deploy a 60s polling guard that immediately rolls back any unauthorized modification it detects and sends a system notification
Install only if you want ongoing enforcement. Keep the documented authorization and uninstall steps available, and verify the LaunchAgent/systemd service status after setup.
A setup run can affect multiple OpenClaw instances and change which model their heartbeat uses.
The skill is designed to modify OpenClaw configuration across all discovered instances. This is disclosed and purpose-aligned, but it is still broad mutation authority over agent runtime behavior.
Change `agents.defaults.heartbeat.model` to `local/<model>` for all OpenClaw instances
Review the instances selected during setup, keep the automatic backups, and run `--status` after installation to confirm only the intended configs changed.
Users who follow that command execute code downloaded from the Ollama site.
The documentation includes a user-directed remote install script for Ollama. This is common integration setup, but it depends on trusting the external source at install time.
curl -fsSL https://ollama.com/install.sh | sh
Prefer official package-manager or signed installer instructions where possible, and review external install scripts before running them.
