Meta Healing
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: meta-healing Version: 0.1.2 The bundle implements persistence via macOS LaunchAgents (install-watchdog-plist.sh) and cron jobs (update-cron-for-smart-telemetry.sh) to run background watchdog and telemetry scripts. It performs extensive system auditing, including monitoring open ports, process lists (specifically filtering for 'telegram'), and configuration drift. While its stated goal is system 'healing,' it includes instructions in SKILL.md to steer the AI agent toward upselling a 'Pro' version via a Stripe link (buy.stripe.com/fZucN47W0ewz4RG0G20kE0b) when 'degradations' are detected. The presence of hardcoded user paths (/Users/marcuscoarchitect/) and broad system-level persistence without clear user opt-in are significant indicators of suspicious behavior.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A background watchdog could continue running after the user’s immediate task, writing logs and invoking repair actions on a schedule.
This script writes and loads a user LaunchAgent that runs at load and every 900 seconds. That creates persistent autonomous behavior beyond a bounded manual triage run.
<key>RunAtLoad</key> <true/> ... <key>StartInterval</key> <integer>900</integer> ... launchctl load "$plist"
Only run this helper if persistent monitoring is explicitly desired. The skill should make the LaunchAgent opt-in, declare the macOS dependency, and provide clear unload/removal steps.
Unexpected local services may be started, bind ports, consume resources, or change the user’s running agent environment.
The watchdog can start the OpenClaw gateway and execute shell-based restart commands for hard-coded local services. Even with retry limits, these are runtime mutations that can happen automatically once the watchdog is installed.
record_service_event "$service" "restart_attempt" "attempt=$attempts command=$restart_cmd"; bash -lc "$restart_cmd" >/dev/null 2>&1 || true; openclaw gateway start || true; handle_service "denialnet" "http://127.0.0.1:8001/health" "cd ~/.openclaw/agents/aurex/workspace/projects/denialnet && nohup uvicorn routes:app --port 8001 ... &"
Remove hard-coded private service restarts or make each service explicitly configured and approved by the user before any automatic restart.
Sensitive OpenClaw configuration values could be duplicated into another local location and persist longer than expected.
The drift checker copies the full OpenClaw config into a persistent workspace state file while acknowledging that the config may contain sensitive material. The artifacts do not clearly bound retention, permissions, or redaction.
state_dir="$HOME/.openclaw/workspace/state/meta-healing" ... cp "$HOME/.openclaw/openclaw.json" "$current.new" ... DETAIL: content diff suppressed to avoid leaking sensitive configuration material
Store only hashes or redacted baselines by default, set restrictive file permissions, and clearly disclose when a full config copy is retained.
The skill could leave a recurring local monitor running that watches configured files and writes telemetry logs.
This helper adds an every-5-minutes cron job for Kaggle smart telemetry. Persistent file monitoring is not central to the stated OpenClaw runtime triage purpose and needs explicit opt-in and clear scope.
CRON_ENTRY="*/5 * * * * cd ${WORKSPACE} && ./skills/meta-healing/scripts/kaggle-smart-monitor.sh >> ${WORKSPACE}/data/meta-healing/smart-telemetry-cron.log 2>&1 # smart-telemetry" ... | crontab -Separate Kaggle telemetry from the Meta Healing skill or make the cron installation clearly optional, narrowly scoped, and easy to remove.