Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Guardian

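One-click install of the OpenClaw full-chain guardian suite, covering configuration safety, disaster recovery, monitoring, and context optimization.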

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 219 · 1 current installs · 1 all-time installs
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a paid guardian bundle (configuration safety, rollback, monitoring, context proxy). Many artifacts align with that purpose (config validators, rollback, fswatch, health audit). However metadata and runtime files diverge: registry metadata declares no required env vars/binaries while _meta.json and scripts expect python3, curl, openssl and an OC_PAY_SERVER endpoint. Requiring a payment/license verification server and remote skill fetch is explainable for a commercial bundle, but the metadata omission (no required envs) is inconsistent and unusual.
!
Instruction Scope
SKILL.md directs users to run the bundled install.sh which sources lib/sdk/auth.sh. auth.sh contacts an external OC_PAY_SERVER to verify/create orders, then oc_execute_skill fetches an encrypted payload from that server and (via openssl) will decrypt/execute it in memory. The package also includes scripts that create/modify ~/.openclaw/* files, write a compaction-proxy routes.json with a third-party LLM endpoint template, and a watermark tool that will recursively modify Python files to insert licensed-to headers. Additionally, the included skill-safe-install contains a built-in whitelist that explicitly exempts this author's skills (including openclaw-guardian) from full review — effectively bypassing the normal safety review for the package itself. These are broad, persistent actions beyond simple installation and should be reviewed carefully.
!
Install Mechanism
There is no formal install spec, but install.sh uses a bundled oc-pay-sdk to contact a remote server (default https://skill.socialmore.net) and then fetch encrypted skill contents for local execution. Remote fetch-and-execute of decrypted payloads (even in-memory) is high-risk because it runs code from an external server. The included files are local, but the runtime behavior depends on network downloads and openssl decryption — a privileged execution path that's disproportionate if you expect only local configuration tooling.
Credentials
Registry-level 'required env vars' were empty, but the installer expects environment inputs at runtime (OC_PAY_SERVER may be set by the user; OC_ACCEPT_TERMS must be yes to proceed) and uses system identity (user@hostname) to form an identifier. The bundle also writes a routes.json template that expects an external API key. While payment flows commonly require a server endpoint, the mismatch between declared requirements and actual env/use of external endpoints is inconsistent. No explicit secret env variables are declared, but the package will handle license tokens and requests to external services — a reasonable need for a paid product, but still sensitive.
!
Persistence & Privilege
The installer and helper scripts create and modify persistent files under the user's home (~/.openclaw), create backups, symlinks into .lib, and the watermark tool will modify arbitrary installed Python files under a target directory. The skill also embeds a whitelist mechanism that exempts its own author/skills from review. These actions create durable changes to the system and reduce future scrutiny, which increases risk.
What to consider before installing
This package is plausible for a commercial 'guardian' suite, but several behaviors merit caution:

- Remote code fetch & exec: The installer contacts a payment server (default https://skill.socialmore.net), creates an order, then downloads an encrypted payload and decrypts/executes it locally. That means code from the vendor will run on your machine — only proceed if you trust the vendor and the server.
- Watermark injection: The included watermark.py will recursively inject license headers into Python files under a target directory. This modifies your installed code permanently; back up repositories and virtualenvs first, and do not run as root.
- Self-whitelisting: The 'skill-safe-install' component contains a hard-coded whitelist that treats this author's skills as trusted and can bypass normal review steps. That reduces independent auditing of this package and bundled skills.
- Default external endpoints: patch_integration creates a compaction-proxy routes.json pointing to a third-party LLM endpoint template (llmapi.lovbrowser.com) and expects API keys. Review and control any externally configured endpoints.

Recommendations before installing:

1) Request a vendor-signed release or inspect the remote payload behavior (what oc_execute_skill does after fetching) — ideally get the plaintext code or a reproducible build.
2) Run the installer in an isolated environment (VM / disposable container) first to observe network calls and filesystem changes.
3) Back up ~/.openclaw and any code you care about; avoid running as root.
4) Verify the payment/oc-pay-server domain and SSL certs; prefer explicit OC_PAY_SERVER values you control.
5) If you require stricter audit, refuse auto-whitelisting and insist the package remove or document the whitelist mechanism.

Given the mix of plausible commercial intentions and several risky implementation choices (remote exec, persistent watermarking, self-whitelist), treat this skill as suspicious until the vendor or maintainer supplies stronger transparency and assurances.

Like a lobster shell, security has layers — review code before you run it.

Current version v1.0.7

SKILL.md

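OpenClaw All-in-One Guardian Pack

One-click install of 7 system guardian skills, covering the full chain of configuration safety, model disaster recovery, health monitoring, and context optimization.

Trigger conditions

Trigger this skill when the user expresses any of the following intents:

  • Needs to improve OpenClaw system stability
  • Install the guardian pack / guardian suite
  • Needs configuration protection and automatic rollback
  • Needs automatic repair of model failures
  • Needs a context compaction proxy

Installation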

OC_PAY_SERVER=https://skill.socialmore.net \
  bash ~/.openclaw/workspace/skills/openclaw-guardian/install.sh

Files

14 total