System Maintenance Test
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: system-maintenance-test Version: 1.3.2 The skill bundle describes a comprehensive system maintenance suite with high-privilege capabilities, including cron job modification, service management (pkill), and automated shell script execution (e.g., install-maintenance-system.sh, daily-maintenance.sh). While the stated intent is legitimate system upkeep, the broad permissions requested for filesystem governance and service recovery are inherently risky. Furthermore, the actual logic within the shell scripts and entry.js is not provided for verification, and the 'system-maintenance-test' slug suggests an experimental or non-production status.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill as documented could run unreviewed maintenance code from outside the package.
The reviewed package does not include the referenced scripts, so the core setup depends on fetching and running external shell code that was not included in the artifacts under review.
git clone https://github.com/jazzqi/openclaw-system-maintenance.git ... chmod +x scripts/*.sh ... bash scripts/install-maintenance-system.sh
Do not run the installer until the external repository and scripts are independently reviewed and the package includes or pins the exact code it expects to execute.
The agent could be guided toward restarting services, deleting or rotating logs, cleaning files, or changing system state in ways the user did not fully review.
These are high-impact system mutation capabilities, but the artifact does not define safe target scopes, affected directories/services, confirmation requirements, or rollback details.
Auto-recovery of failed services ... Log rotation & cleanup ... Temporary file cleanup ... Full optimization cycle
Require explicit user approval for each mutating action, default to dry-run/report-only modes, and document exact paths, services, and reversible changes.
A one-time setup could leave background maintenance jobs running repeatedly and making changes later.
The skill advertises persistent recurring automation that continues beyond a single user request, but the reviewed artifacts do not provide the scheduler implementation or clear controls to stop or contain it.
Automated monitoring every 5 minutes ... Every 5 min | Real-time Monitoring | Gateway monitoring & auto-recovery
Only enable scheduled jobs after reviewing the exact cron entries, recovery actions, logs, and uninstall/disable procedure.
Maintenance results or generated notes could persist and influence future agent behavior.
The skill says it updates a persistent learning/context area automatically, but does not explain what is stored, how it is validated, or when it is reused.
Automatic .learnings/ updates
Review and approve any persistent learning updates, and keep them limited to non-sensitive, factual maintenance records.