ClawHub

ground-control

v0.3.5

Post-upgrade verification system for OpenClaw. Defines a model/cron/channel ground truth file and a 5-phase automated verification flow (config integrity, AP...

0· 303·0 current·0 all-time
byJonathan Jing@jonathanjing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match what it does: 5-phase verification and optional auto-repair of config and cron. The capabilities it needs (read/patch config, list/update cron, spawn sessions, send messages) are coherent and necessary for those features.
Instruction Scope
All runtime instructions are contained to OpenClaw primitives (gateway, cron, sessions_spawn, message). The skill explicitly instructs the agent to redact sensitive nodes (auth/plugins/credentials) and to never log literal secrets. It reads runtime config and writes a non-sensitive report to memory/ and an ops channel (expected). This is scoped appropriately, but it relies on correct runtime enforcement of the redaction rules — a buggy agent implementation could still leak secrets.
Install Mechanism
Instruction-only skill with no install spec and no downloaded code. Lowest-risk install mechanism.
Credentials
The skill declares no environment variables or external credentials. It uses the platform's existing runtime capabilities to probe provider liveness and channels; this is proportional to its stated purpose.
Persistence & Privilege
The skill can auto-patch runtime config and cron (powerful operations). Auto-fix is bounded by guardrails (dry-run, pause if >3 fields changed, logs before/after). Users should ensure the agent has only necessary permissions and that backups are available before enabling auto-fix.
Assessment
This skill is internally consistent for post-upgrade verification, but it performs powerful changes (gateway config.patch and cron update). Before installing: 1) Ensure the controlling agent has appropriate, least-privilege permissions; 2) Back up your runtime config; 3) Run the skill in --dry-run / report-only mode first to inspect the drift report and confirm redaction behavior; 4) Confirm the ops channel destination is internal and not an external webhook; 5) Review MODEL_GROUND_TRUTH.md to ensure it contains no secrets or credentials. If you rely on the skill's zero-secret logging, audit its first few runs to verify no secret leakage occurs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97356k7zktfby6z53tmbh2521829hm1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments