Guardian — OpenClaw 7x24 Watchdog & Auto-Healer
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: guardian-auto-healer Version: 1.0.0 The guardian-auto-healer skill is a standard health monitoring utility designed to restart the OpenClaw gateway if it becomes unresponsive or exceeds memory thresholds. The Python script (watchdog.py) uses safe subprocess execution (shell=False) to check system metrics and local CLI status, and the SKILL.md instructions correctly guide the agent to set up a recurring cron job for these checks without any evidence of malicious intent or data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
OpenClaw could be restarted repeatedly or during active work because another Node application is using memory.
On Windows the memory check totals every node.exe process, then automatically restarts the OpenClaw gateway when the total crosses the kill threshold. That is broader than the stated OpenClaw-specific memory check and can trigger a high-impact action from unrelated processes.
run(["tasklist", "/FI", "IMAGENAME eq node.exe", "/FO", "CSV", "/NH"], timeout=10) ... if mem["memory_mb"] > MEM_KILL_MB: ... restart_gateway(cli)
Scope memory checks to the actual OpenClaw gateway PID/process, make restart alert-only by default or require explicit user approval, and let users tune thresholds.
The watchdog will continue running and may restart the gateway until the cron job is disabled or removed.
The skill creates a recurring autonomous agent job every five minutes. This is disclosed and aligned with a watchdog, but it is persistent behavior that keeps operating after setup.
Runs as a cron job — zero manual intervention after setup ... "everyMs": 300000 ... "kind": "agentTurn"
Install it only if you want continuous monitoring, verify the cron job with `openclaw cron list`, and use the documented disable/remove commands when no longer needed.
Users may not find the logs where the documentation says they should be, making it harder to audit what the watchdog did.
SKILL.md tells users logs are written to `~/.openclaw/logs/guardian.log`, but the script writes to a `.qclaw`-style path. This mismatch can mislead users during verification or troubleshooting.
LOG_DIR = os.path.expandvars(r"%USERPROFILE%\.qclaw\logs")
Align the code with the documented OpenClaw log path or clearly document the actual path for each operating system.
Users need to manually verify the script and ensure the needed local tools are available before scheduling it.
The visible source does not show remote downloads, but the registry metadata provides no provenance and does not declare the local runtime/CLI requirements that the instructions rely on.
Source: unknown; Homepage: none ... Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Inspect the included script, confirm `python3` and the `openclaw` CLI are available, and prefer a version with declared requirements and provenance.