Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
botlearn-healthcheck
v1.0.2 · Autonomously inspects a live OpenClaw instance across 5 health domains (hardware, config, security, skills, autonomy) and delivers a quantified traffic-light...
⭐ 0 · 384 · 1 current · 1 all-time
by 邢怀康 (@calvinxhk)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name/description (OpenClaw health check) aligns with the included collection scripts and deep-check markdowns: the skill reads OpenClaw runtime state, config, logs, and workspace files and runs local CLI checks. Required binaries (node, bash, curl, and either openclaw or clawhub) make sense for this purpose. One minor mismatch: the registry metadata shows no required env vars while the skill declares OPENCLAW_HOME as primaryEnv — acceptable because the skill falls back to $HOME/.openclaw, but the label 'primary credential' is potentially misleading (OPENCLAW_HOME is a path, not a secret).
Instruction Scope
SKILL.md instructs the agent to autonomously run many local commands and to read many files under OPENCLAW_HOME (openclaw.json, logs, workspace identity files including agent.md/user.md/tool.md, cron tasks, etc.). This is coherent for a health check but broad: it will ingest user-facing and possibly personal content (user.md). The SKILL.md also asserts 'No outbound network requests are made outside the local OpenClaw gateway' and 'read-only during the collection phase', but other documents (check_skills.md, some fix hints) reference clawhub search/install and curl install commands that would contact external registries. That's a contradiction that could lead to unexpected network activity. The skill's setup.md states fix operations require explicit user confirmation, but some recommendations include '--force' flags that skip interactive prompts — review how/when these are executed.
Install Mechanism
There is no install spec (instruction-only skill) which reduces supply-chain risk from an installer. However, the skill bundles many scripts (17+) which will be executed by the agent; those scripts read/write under the skill directory (e.g., snapshot-manager stores data/checkups/) and execute local CLIs. The scripts and docs include recommended commands that fetch or install software (e.g., 'curl ... | bash' or 'clawhub install ... --force') as remediation suggestions — these are not an installer for the skill itself, but they are high-risk operations if the agent runs them without careful confirmation.
Credentials
The skill does not request secret API tokens or unrelated cloud credentials. It does rely on OPENCLAW_HOME (a path) and reads many files within that directory (config, logs, workspace identity files). Reading workspace identity/user.md may expose personal data — this is expected for a full health audit but is privacy-sensitive and proportionate only if the user expects a deep local audit. The skill claims it will not print credential values and will redact common patterns in logs, which is good practice but should be audited in the scripts to ensure redaction is robust.
Persistence & Privilege
always:false (no forced permanent inclusion) and disable-model-invocation:false (agent can autonomously invoke the skill) — both are normal. The skill writes its own snapshots under its own data/checkups directory (snapshot-manager.sh) which is within the skill's scope. The skill does include remediation suggestions to install other skills or run system-level commands; if the agent were allowed to autonomously run 'clawhub install ... --force' that would alter system state and has higher privilege implications — verify that fixes require explicit user confirmation and that autonomous execution is constrained.
What to consider before installing
What you should check before installing or running this skill:
1) Review the bundled scripts before running: the skill includes many Bash/Node scripts that will be executed by the agent and will read many files under OPENCLAW_HOME (config, logs, workspace/*.md). Ensure you trust the publisher and audit the scripts for any unsafe shell commands or missing redaction.
2) Network activity contradiction: SKILL.md claims 'No outbound network requests are made outside the local OpenClaw gateway' but the docs and checks reference clawhub search/installs and curl-based install commands (and recommended 'clawhub install @botlearn/... --force'). Confirm whether collect-skills.sh actually performs remote registry calls and whether the agent will perform them automatically.
3) Installation recommendations with --force: the skill recommends installing third-party skills with '--force' (skips interactive prompts). Never allow automated, unconfirmed installs from this skill. Make sure 'fix' operations truly require explicit human confirmation and that the agent will not run the install commands autonomously.
4) Sensitive data & redaction: the skill reads workspace identity and config files. setup.md promises to redact credentials from gateway logs before storing, and to avoid printing credential values, but you should verify redaction logic in scripts (regular-expression coverage) and confirm identity credential files are never read — only their directory listings per the spec.
5) Run in a safe environment first: execute the skill in a non-production sandbox or on a copy of OPENCLAW_HOME to observe behavior. Disable autonomous invocation (if possible) until you confirm it only performs read-only collection and only performs write/installation operations after explicit approval.
6) Verify fallback behavior: since OPENCLAW_HOME may default to $HOME/.openclaw, confirm the skill will not unexpectedly target a different path. If you want to limit its scope, set OPENCLAW_HOME to a safe test directory when first running.
If you are not comfortable auditing the scripts yourself, do not install or allow autonomous execution. The skill is coherent with its stated purpose but contains several risky remediation recommendations and a contradictory network-activity claim that warrant manual review.
latest: vk97ffe01cz884smmzhythb39ad826hr0
Runtime requirements
🏥 Clawdis
OS: macOS · Linux
Bins: curl, node, bash
Any bin: clawhub, openclaw
Primary env: OPENCLAW_HOME
