金刚罩
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill mostly matches its system-maintenance purpose, but review it carefully because it can delete old OpenClaw data and create local copies of configuration secrets.
Install only if you want an automated OpenClaw maintenance tool that can restart the gateway, back up configuration, and clean old data. Before enabling the recommended cron, inspect the installed scripts, secure ~/.openclaw/backups and ~/.openclaw/data/system-guardian, avoid inline secrets where possible, and adjust or disable automatic cleanup if you need to retain old sessions or logs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Secrets kept in OpenClaw configuration may be copied into audit/snapshot files, increasing exposure if those files are shared, backed up, or readable by other local processes.
The health patrol stores a full config snapshot and writes raw config diffs to an audit log. Because the skill also supports inline secrets in openclaw.json, this can create unredacted secondary copies of API keys or credentials.
CONFIG="${OPENCLAW_DIR}/openclaw.json" ... DIFF_LINES=$(diff "${GUARDIAN_DATA}/.config-snapshot.json" "$CONFIG" 2>/dev/null | head -20) ... echo "$DIFF_LINES" >> "$AUDIT_LOG" ... cp "$CONFIG" "${GUARDIAN_DATA}/.config-snapshot.json"
Redact secret fields before logging diffs, restrict permissions on ~/.openclaw/data/system-guardian, prefer env-based secrets, or provide a clear option to disable config auditing.
The skill may create additional local copies of sensitive environment variables, provider keys, and startup configuration.
The rollback workflow backs up OpenClaw config, .env, and LaunchAgent files. This is purpose-aligned for recovery, but these files may contain credentials or privileged autostart settings.
cp "$CONFIG" "$BACKUP_FILE" ... cp "$ENV_FILE" "$ENV_BACKUP" ... PLIST_SRC="${HOME}/Library/LaunchAgents/ai.openclaw.gateway.plist" ... cp "$PLIST_SRC" "$PLIST_BACKUP"
Keep ~/.openclaw/backups protected, verify file permissions, and periodically remove old backups that may contain obsolete secrets.
Old conversations, backups, or logs may be permanently removed when health patrol runs, especially if the recommended cron is enabled.
The health check performs automatic cleanup by deleting old session transcripts, excess backups, and old logs. This is disclosed and scoped to maintenance, but it is still destructive file mutation.
find "$SESSIONS_DIR" -name "*.jsonl" -mtime +${SESSION_MAX_AGE_DAYS} -delete ... ls -1t "$BACKUP_DIR"/$pattern | tail -n "$EXCESS" | xargs rm -f ... find /tmp/openclaw -name "openclaw-*.log" -mtime +7 -delete
Run health-patrol manually first, adjust the retention constants if needed, and do not enable the cron until you are comfortable with the cleanup policy.
