Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Dolores 运维工具
v1.1.0OpenClaw 运维工具 - 负责 AI 助手自身的日常运维工作。 包括:健康检查、Memory 同步、目录清理、日志管理、定时任务管理。
⭐ 0· 71·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (assistant ops: health checks, memory sync, cleanup, logs, cron) is largely consistent with the instructions (checking gateway, logs, token usage, cleaning temp files, writing memory files, creating cron). Nothing demands unrelated cloud credentials or external services. However the skill refers to platform-specific commands like `sessions_history` and `session_status` that are not explicitly enumerated in the allowed-tools list, which suggests either missing documentation or an assumption about available platform APIs.
Instruction Scope
Instructions explicitly require reading conversation/session history and writing persistent memory files (memory/YYYY-MM-DD.md, MEMORY.md). Those actions are privacy-sensitive and should be narrowly scoped and consented to. The skill also performs deletion and cron creation. Although it lists safe rules (do not delete certain dirs; require confirmation), the runtime instructions grant broad discretion (list workspace, identify and delete files, archive logs) — without a precise, auditable mapping of which commands will run or which session APIs are available, the scope is broader than the description's safeguards fully constrain.
Install Mechanism
Instruction-only skill with no install spec and no third-party downloads. This minimizes code-installation risk; nothing will be written to disk by an installer. The runtime, however, relies on platform CLIs/APIs being present (e.g., `openclaw` CLI and session-related commands).
Credentials
The skill declares no required environment variables or credentials, which is proportionate. Nevertheless, it will access sensitive local artifacts (session histories, MEMORY.md, USER.md, logs under /tmp/openclaw/) and can create cron tasks. Those are powerful capabilities even without explicit credentials and should be justified to users beforehand.
Persistence & Privilege
always:false (not force-installed) and user-invocable=true are reasonable. The skill is allowed to create cron jobs and write persistent memory files — a normal capability for an ops tool but one that increases long-term impact. Consider limiting autonomous invocation or requiring explicit user confirmation for cron creation and memory writes.
What to consider before installing
Before installing, verify the following: (1) confirm what platform APIs/commands actually exist for sessions (the doc mentions `sessions_history` and `session_status` but allowed-tools lists only sessions_list) — if those APIs grant access to full conversation logs, understand retention and redaction policies; (2) decide and document what types of user data are allowed to be persisted to MEMORY.md and get explicit user consent; (3) require interactive confirmation for any deletion or cron-creation operations and consider a dry-run/read-only mode for audit; (4) ask the publisher for source/homepage or code to review (skill is from an unknown source); (5) if you want to reduce blast radius, restrict autonomous invocation or require manual approval for actions that modify cron or persistent files.Like a lobster shell, security has layers — review code before you run it.
latestvk973q1x3efbb18tjzqh96vy2458413sj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.