ClawHub

System Health Check

v0.1.0

System health validator — checks skill files, paths, permissions, binaries, backup freshness, and encryption. Produces pass/fail reports.

0· 628·5 current·8 all-time
byStems@satoshistackalotto
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (system health validator for OpenClaw) align with requiring openclaw, jq, and OPENCLAW_DATA_DIR. openssl for hash checks is reasonable. However the EVALS.json expectations mention verifying 'curl' is installed while the declared required binaries do not include curl, and counts for expected skill/EVAL files are inconsistent (expected_count:20 vs narrative '19 operational skills + canonical map'). These mismatches are minor but unexplained.
!
Instruction Scope
SKILL.md repeatedly claims 'read-only' and 'never modifies any data' but also documents features that write or log data: --save-report (writes to /data/reports/system/), EVALS expectations that failures are logged to /data/memory/failures/, and example remediation advice that implies state changes by operators. The instructions instruct reading many sensitive paths under $OPENCLAW_DATA_DIR (expected), but the read-only promise conflicts with documented report/log writing and is not reconciled in the documentation. The 'encryption status' and 'integrity' checks are underspecified (unclear if they require keys or privileged reads).
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. Nothing is downloaded or extracted by the skill itself.
Credentials
Only OPENCLAW_DATA_DIR and availability of jq/openssl/openclaw are required — this is proportionate for a health-checker that scans the OpenClaw data tree. No secrets or unrelated credentials are requested. Minor discrepancy: EVALS.json expects curl to be verified but curl is not declared as required.
!
Persistence & Privilege
The skill is not forced-always and is user-invocable (normal). However the documentation implies it can write reports/logs under $OPENCLAW_DATA_DIR (e.g., --save-report and logging failures), contradicting the 'read-only' promise. If allowed to run autonomously by the agent, that write behavior could create data the user did not expect. Clarification is needed about what the skill will write by default and whether any writes require explicit flags or elevated permissions.
What to consider before installing
Before installing or enabling this skill, ask the maintainer to clarify the contradictions: (1) does the tool truly run read-only, or will it create reports/log entries under OPENCLAW_DATA_DIR (which implies writes)? (2) why does EVALS.json expect 'curl' while the skill metadata does not list curl as required? (3) what exactly do the 'encryption' and 'integrity' checks read or require (any secrets or privileged access)? If you plan to run it, test in a non-production environment first, inspect what files it actually creates when run with different flags (especially --save-report), and ensure your agent's ability to auto-invoke the skill is constrained if you do not want automated writes to your data directory.

Like a lobster shell, security has layers — review code before you run it.

latestvk9714m9vccxmnhpnzy844w6ar181jf8j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsjq, openssl, openclaw
EnvOPENCLAW_DATA_DIR

Comments