ClawDoctor

Key things to consider before installing: - Metadata mismatch: The skill's docs call the 'openclaw gateway' CLI and read/write memory/*.json, but the registry metadata declares no required binaries or config paths. Treat that as a red flag — confirm the environment will provide the gateway CLI and that you understand the file writes. - Privileged gateway access: The skill lists agents, fetches session transcripts, and includes config.patch fix payloads. Those operations require gateway privileges and can change other agents' configs. Only install if you trust the skill author and you intend it to run with fleet-admin level access. - Sensitive data exposure: The skill fetches full transcripts (exact session keys). Transcripts can include secrets; ensure you are comfortable with the tool reading and including transcript content in reports. Ask whether transcripts are redacted or filtered before analysis. - Explicit apply controls: The skill can propose config patches. Make sure it cannot auto-apply fixes without explicit, human confirmation. Prefer a workflow where it writes pending-fixes.json and requires a separate, auditable approval step to call config.patch. - Least privilege & testing: Run this first in a small/test fleet with limited privileges. Verify reports, inspect pending-fixes.json, and confirm no automatic changes occur. If possible, restrict the skill's ability to exec or to call config.patch until you are ready. - Provenance check: Source is listed as 'unknown' and owner ID is not a known vendor. Verify the author (Faan AI homepage is given) and confirm you trust that organization before granting gateway/admin capabilities. What would increase my confidence: explicit metadata stating the required binary ('openclaw'), required config paths (memory/*), and a clear opt-in confirmation flow for applying fixes (and/or a demonstration that transcripts are redacted). If those are provided, the skill appears coherent for its purpose; without them, proceed cautiously.