Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Custodian

v1.0.0

Autonomously monitors OpenClaw system health, fixes log errors, initializes skills, registers tasks, and performs overnight maintenance to surface unresolved...

by Indigo Karasu (@indigokarasu)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (custodian that monitors logs, cron, skill data and performs Tier 1 fixes) aligns with the instructions and bundled artifacts. It reads/writes OCAS data dirs, skill journals, gateway logs, and edits cron entries and JSONL state files — all expected for a maintenance/repair agent. It does not request unrelated credentials or external services in the registry metadata.
Instruction Scope
SKILL.md explicitly instructs reading many system paths (~/.openclaw, /tmp/openclaw, skill data dirs), tailing logs, editing cron entries, creating directories, rotating JSONL files, running `openclaw doctor`, generating gateway tokens, and performing OAuth refreshes. These actions are coherent with maintenance duties but are high-impact (can change scheduling, create tokens, refresh auth). The skill also has a 'web search pass' and coordinates with other skills (Sift, Vesper, Mentor) which can trigger external network queries. No instructions direct data to unknown remote endpoints or request secrets, but the breadth of file/system access is significant and should be authorized deliberately.
Install Mechanism
This is instruction-only with no install spec or code files to execute; that is the lowest-risk install model. SKILL.md contains an 'install' hint referencing a GitHub repo, but the registry package itself contains the necessary docs and references; no archive downloads or executables are included here.
Credentials
The skill declares no required environment variables or credentials (primary credential: none). However, runtime actions (OAuth refresh, generating gateway token via `openclaw doctor`) will affect authentication state and may rely on existing system tokens/config. It does not explicitly request external credentials, which is proportionate, but the agent will touch authentication artifacts that deserve review because logs or files it reads could contain tokens.
Persistence & Privilege
Flags are default (not always:true) and model invocation is allowed (normal). Custodian is expected to register cron/heartbeat jobs and write into its own data directories; it will also edit the global cron registry and potentially generate gateway/OAuth tokens. Those are normal for a system caretaker, but they are privileged operations — consider whether you want autonomous invocation or prefer manual runs until you trust behavior.
Assessment
Custodian's behavior is internally consistent with a system-maintenance role, but it performs high-impact operations: it will read gateway logs and many skill data dirs, edit cron entries, create/rotate JSONL files, and can generate gateway tokens or refresh OAuth. Before installing:
(1) verify you trust the source repository (the SKILL.md references a GitHub repo);
(2) back up your cron/jobs.json, gateway config, and any critical skill data;
(3) run the skill manually (custodian.scan.light / custodian.scan.deep) in a controlled environment to review proposed fixes rather than allowing full autonomous repair;
(4) inspect references/known_issues.json and custodian-repair.plan to confirm auto-fix commands are acceptable for your environment;
(5) consider disabling autonomous invocation until satisfied, and ensure downstream collaborator skills (Sift, Vesper, Mentor) are also trustworthy.
If you want a stricter assessment, provide the actual openclaw binary implementations for 'openclaw doctor/cron' or logs showing how tokens are stored/used — that would raise confidence to high.

Like a lobster shell, security has layers — review code before you run it.

latest vk97b83xzqf0c0mm8sfpefj248s83sysc
