OpenClaw Self-Healing System

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed self-healing tool, but it deserves Review because it installs persistent monitors that can let Claude Code autonomously restart, kill, and repair OpenClaw without clear approval boundaries.

Install only if you intentionally want a persistent self-healing system with authority to restart OpenClaw and let Claude Code attempt repairs. Inspect the included install.sh and scripts first, prefer a pinned release over curl/bash from main, back up ~/.openclaw configuration, keep webhook channels private, and consider disabling or manually gating the Level 3 AI repair path until you trust the behavior.

VirusTotal

1/66 vendors flagged this skill as malicious, and 65/66 flagged it as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

A failed or incorrect diagnosis could change OpenClaw configuration, restart services, or otherwise mutate the local environment without the user approving each action.

Why it was flagged

The skill can launch a general-purpose coding agent in a persistent terminal session and let it make repairs and restarts automatically.

Skill content
Level 3: Claude Emergency Recovery (30m timeout) ... Launch Claude Code in tmux PTY session ... Autonomous repair (config fixes, restarts)
Recommendation

Review the recovery scripts before enabling Level 3, use a test environment first, keep backups of OpenClaw config, and consider requiring manual approval before Claude Code applies fixes.

ASI10: Rogue Agents
Medium
What this means

The system may continue running recovery logic in the background, including restarts and escalation, even when the user is not actively invoking the skill.

Why it was flagged

The skill is intended to install persistent background services so it can keep monitoring and recovering OpenClaw after setup.

Skill content
Set up LaunchAgent (macOS) or systemd units (Linux)
Recommendation

Install only if you want continuous background monitoring, verify which LaunchAgent/systemd/timer/cron entries are created, and keep the uninstall steps available.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

The code executed at install time could differ from the package version being reviewed if the remote branch changes.

Why it was flagged

The recommended quick setup executes a remote script from the repository's main branch rather than a pinned, reviewed version.

Skill content
bash <(curl -fsSL https://raw.githubusercontent.com/Ramsbaby/openclaw-self-healing/main/install.sh)
Recommendation

Prefer installing the reviewed package, or download and inspect a pinned release/tag of install.sh before running it.

ASI03: Identity and Privilege Abuse
Medium
What this means

Autonomous recovery may consume or act through the user's Claude Code account and local OpenClaw authority.

Why it was flagged

The skill depends on the local Claude Code CLI, which typically operates using the user's configured Claude Code account/session.

Skill content
"requires": { "bins": ["tmux", "claude", "jq"] } ... Level 3: Claude Code Doctor
Recommendation

Confirm which Claude Code account is logged in, understand any billing/quota implications, and restrict use to environments where that delegated authority is acceptable.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Incident logs or configuration context could be posted to Discord or Telegram if webhooks are configured.

Why it was flagged

The skill can send operational context and logs to external webhook channels for alerting.

Skill content
Level 4: Discord Notification ... Alert human via Discord (with detailed logs)
Recommendation

Use private channels, rotate webhook URLs if exposed, and verify the scripts redact secrets before sending detailed logs.

ASI06: Memory and Context Poisoning
Low
What this means

Stored incident summaries may contain sensitive operational details or influence future automated recovery decisions.

Why it was flagged

The skill stores recovery learnings and reasoning logs for reuse in future incidents.

Skill content
Persistent Learning ... Automatic recovery documentation (`recovery-learnings.md`) ... Claude learns from past incidents
Recommendation

Periodically review and sanitize recovery-learnings and reasoning logs, and avoid storing secrets in incident output.

ASI01: Agent Goal Hijack
Low
What this means

If an agent consults these extra docs, unrelated instructions about memory, cron prompts, or Discord formatting could distract from the self-healing task.

Why it was flagged

The package includes unrelated documentation about changing memory and cron prompt formatting, which is not aligned with the stated OpenClaw gateway self-healing purpose.

Skill content
Add Discord formatting rules to MEMORY.md ... Apply header to 14 crons
Recommendation

Treat unrelated documentation as non-authoritative and remove it from the installed skill package if it is not needed for OpenClaw recovery.