Meta Healing
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The core health check is local and bounded, but bundled helpers can install recurring background monitors, restart local services, and copy OpenClaw config data in ways that need careful review.
The main Python triage script appears local and relatively safe to run manually. Before using the helper scripts, especially install-watchdog-plist.sh, host-watchdog.sh, or update-cron-for-smart-telemetry.sh, review the hard-coded paths, decide whether you want persistent background jobs, and ensure any copied OpenClaw config does not expose secrets.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A background watchdog could continue running after the user’s immediate task, writing logs and invoking repair actions on a schedule.
This script writes and loads a user LaunchAgent that runs at load and every 900 seconds. That creates persistent autonomous behavior beyond a bounded manual triage run.
<key>RunAtLoad</key> <true/> ... <key>StartInterval</key> <integer>900</integer> ... launchctl load "$plist"
Only run this helper if persistent monitoring is explicitly desired. The skill should make the LaunchAgent opt-in, declare the macOS dependency, and provide clear unload/removal steps.
Unexpected local services may be started, bind ports, consume resources, or change the user’s running agent environment.
The watchdog can start the OpenClaw gateway and execute shell-based restart commands for hard-coded local services. Even with retry limits, these are runtime mutations that can happen automatically once the watchdog is installed.
record_service_event "$service" "restart_attempt" "attempt=$attempts command=$restart_cmd"; bash -lc "$restart_cmd" >/dev/null 2>&1 || true; openclaw gateway start || true; handle_service "denialnet" "http://127.0.0.1:8001/health" "cd ~/.openclaw/agents/aurex/workspace/projects/denialnet && nohup uvicorn routes:app --port 8001 ... &"
Remove hard-coded private service restarts or make each service explicitly configured and approved by the user before any automatic restart.
Sensitive OpenClaw configuration values could be duplicated into another local location and persist longer than expected.
The drift checker copies the full OpenClaw config into a persistent workspace state file while acknowledging that the config may contain sensitive material. The artifacts do not clearly bound retention, permissions, or redaction.
state_dir="$HOME/.openclaw/workspace/state/meta-healing" ... cp "$HOME/.openclaw/openclaw.json" "$current.new" ... DETAIL: content diff suppressed to avoid leaking sensitive configuration material
Store only hashes or redacted baselines by default, set restrictive file permissions, and clearly disclose when a full config copy is retained.
The skill could leave a recurring local monitor running that watches configured files and writes telemetry logs.
This helper adds an every-5-minutes cron job for Kaggle smart telemetry. Persistent file monitoring is not central to the stated OpenClaw runtime triage purpose and needs explicit opt-in and clear scope.
CRON_ENTRY="*/5 * * * * cd ${WORKSPACE} && ./skills/meta-healing/scripts/kaggle-smart-monitor.sh >> ${WORKSPACE}/data/meta-healing/smart-telemetry-cron.log 2>&1 # smart-telemetry" ... | crontab -
Separate Kaggle telemetry from the Meta Healing skill or make the cron installation clearly optional, narrowly scoped, and easy to remove.
