Heleni Maintenance

v1.0.0

Unified workspace maintenance skill. Covers: (1) backing up the workspace to GitHub git repo, and (2) updating OpenClaw and skills. Use when: asked to backup...

⭐ 0· 77·0 current·0 all-time

byNetanel Abergel@netanel-abergel

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for netanel-abergel/heleni-maintenance.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Heleni Maintenance" (netanel-abergel/heleni-maintenance) from ClawHub.
Skill page: https://clawhub.ai/netanel-abergel/heleni-maintenance
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install heleni-maintenance

ClawHub CLI

Package manager switcher

npx clawhub@latest install heleni-maintenance

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The skill's stated purpose is workspace backup and OpenClaw updates, which legitimately require access to the workspace, the OpenClaw CLI, and a GitHub token. However, the registry metadata declares no required env vars or config paths while the SKILL.md explicitly instructs the agent to locate a GitHub PAT (GITHUB_TOKEN/GH_TOKEN or ~/.credentials files) and to use OWNER_PHONE/WhatsApp for reporting. The omission of these required credentials/configs in the metadata is an incoherence.

Instruction Scope

SKILL.md tells the agent to read and modify system paths (/opt/ocana/openclaw/workspace, agents sessions.json), to cat credential files (~/.credentials/github-token.txt), echo environment variables, run git push, run openclaw update and clawhub update, and add cron jobs. Those actions lie within a plausible maintenance scope, but they involve accessing and transmitting sensitive data (GitHub PAT, session store) and scheduling recurring autonomous tasks. The instructions are prescriptive (concrete commands), but they also direct searching for tokens in multiple locations — including user home — which increases the risk of secret exposure if not tightly controlled.

✓

Install Mechanism

This skill is instruction-only with no install spec and no code files, which minimizes install-time risk (no downloads or arbitrary code writes).

Credentials

Although a GitHub token is reasonable for automated pushes, the skill does not declare required env vars or credentials in the metadata. It instructs the agent to read GITHUB_TOKEN/GH_TOKEN and to check credential files, and it references OWNER_PHONE for messaging — all sensitive items that should have been declared. The request for a PAT with 'repo' scope is high privilege; the metadata should explicitly require and justify it and recommend least-privilege tokens and secure storage.

ℹ

Persistence & Privilege

The skill schedules persistent cron jobs (every 6h backup, weekly updates) via openclaw cron add. Persistent scheduling is appropriate for maintenance, but because the cron jobs run autonomously and perform pushes/updates and may message the owner, the user should be aware these actions will occur routinely. This persistent behavior combined with undeclared credential access raises the overall risk profile.

What to consider before installing

This skill does what it says (backup, update, cleanup) but the metadata omits the sensitive accesses the instructions require. Before installing: (1) confirm where backups will go and that the target GitHub repo is owned/trusted; (2) provide a least-privilege GitHub PAT (ideally a repo-limited token or a deploy key) and do not store it in plaintext files if possible; (3) review the workspace contents to ensure no secrets will be committed; (4) be comfortable with cron jobs running automatically (every 6h and weekly updates) and messaging the owner via the configured channel; (5) consider running the steps manually first to verify behavior; and (6) ask the skill author or registry to update metadata to declare required env vars/config paths (GITHUB_TOKEN/GH_TOKEN, OWNER_PHONE, any credential file paths) so the permission model is explicit. If you cannot verify the backup destination, token scope, or cron acceptance, do not enable the skill's autonomous scheduling.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b64g5kxwbbbrzdmsxcgwyps84bvmc

77downloads

0stars

1versions

Updated 3w ago

v1.0.0

MIT-0

Maintenance Skill

Minimum Model

Any model. Both sections are scripted operations.

Trigger Phrases

"backup workspace" / "push to git" / "save to github"
"update openclaw" / "update skills" / "run maintenance"
Runs automatically on schedule (see Cron section)

Section 1 — Workspace Backup

Back up the entire workspace to GitHub on a regular schedule or on demand.

When to Run

After significant MEMORY.md changes
After editing or creating skills
After completing a major task
On cron schedule: every 6 hours silently

Step 1 — Find the GitHub Token

Priority order:

Git remote URL — check if token is embedded:

git -C /opt/ocana/openclaw/workspace remote get-url origin

Environment variable:
```
echo $GITHUB_TOKEN
echo $GH_TOKEN
```

Credentials file:

cat ~/.credentials/github-token.txt 2>/dev/null
cat ~/.credentials/github-pat.txt 2>/dev/null

If no token found → report BLOCKED to owner.

Step 2 — Commit and Push

cd /opt/ocana/openclaw/workspace

# Stage all changes
git add -A

# Commit with timestamp
TIMESTAMP=$(date -u +"%Y-%m-%d %H:%M UTC")
git commit -m "Auto-backup: $TIMESTAMP" 2>/dev/null || echo "Nothing to commit"

# Push
git push origin main

Step 3 — Report (On-Demand Only)

If triggered manually (not by cron):

✅ Workspace backed up to GitHub — [timestamp]
[X] files changed

If triggered by cron → silent (no message to owner).

Cron Schedule

openclaw cron add \
  --name "workspace-backup" \
  --every 6h \
  --session isolated \
  --message "Run the maintenance skill, Section 1 (Workspace Backup). cd /opt/ocana/openclaw/workspace && git add -A && git commit -m 'Auto-backup: $(date -u +\"%Y-%m-%d %H:%M UTC\")' && git push origin main. Silent — do not message owner unless push fails." \
  --timeout-seconds 60

Troubleshooting

Issue	Fix
`git push` auth error	Token expired — update in remote URL or credentials file
`nothing to commit`	Normal — workspace unchanged since last backup
`rejected (non-fast-forward)`	Run `git pull --rebase origin main` first, then push
No token found	Ask owner for a GitHub PAT with `repo` scope

Section 2 — OpenClaw Updates

Keep OpenClaw and installed skills up to date.

When to Run

Weekly on Sunday at 03:00 UTC (cron)
When owner says "update openclaw" or "update skills"
After a new OpenClaw version is released

Step 1 — Update OpenClaw

# Update the OpenClaw platform
openclaw update

# Check the new version
openclaw --version

Step 2 — Update Skills via ClawHub

# Update all installed skills to latest
clawhub update

# Or update a specific skill
# clawhub update <skill-name>

Step 3 — Report What Changed

After updates, report to owner:

🔄 Maintenance complete (Sunday update):

OpenClaw: v1.2.3 → v1.2.4
  - [changelog item if available]

Skills updated:
  - skill-master: v1.1 → v1.2
  - whatsapp: v2.0 → v2.1
  - [others]

No action needed. Everything is up to date.

If nothing changed:

✅ No updates available — everything is current.

Step 4 — Verify After Update

# Check gateway is still running
openclaw gateway status

# Check agent is responding (send a test message or check logs)
openclaw logs --last 10

If gateway is down after update → run openclaw gateway restart.

Cron Schedule

openclaw cron add \
  --name "weekly-update" \
  --cron "0 3 * * 0" \
  --session isolated \
  --message "Run maintenance skill Section 2 (OpenClaw Updates): run 'openclaw update' and 'clawhub update', then report what changed to owner via WhatsApp." \
  --to "OWNER_PHONE" \
  --channel whatsapp \
  --timeout-seconds 300

Troubleshooting

Issue	Fix
`openclaw update` fails	Check internet connectivity; retry in 30 min
`clawhub update` not found	Install: `npm install -g clawhub`
Gateway down after update	Run `openclaw gateway restart`
Skills missing after update	Re-install: `clawhub install <skill-name>`

Section 3 — Session Store Cleanup

Prevent sessions.json from bloating (observed growing to 67MB+ with 600+ stale cron run entries).

When to Run

Weekly (Sunday maintenance window)
If agent response time degrades noticeably
Whenever sessions.json exceeds 10MB

Step 1 — Check Size

ls -lh /opt/ocana/openclaw/agents/main/sessions/sessions.json

If under 10MB → skip cleanup.

Step 2 — Clean Stale Cron Run Entries

cd /opt/ocana/openclaw/agents/main/sessions

# Backup first
cp sessions.json sessions.json.bak.$(date +%Y%m%d-%H%M%S)

# Remove all :run: entries (completed cron run histories)
python3 -c "
import json
with open('sessions.json') as f:
    d = json.load(f)
before = len(d)
cleaned = {k:v for k,v in d.items() if ':run:' not in k}
after = len(cleaned)
with open('sessions.json', 'w') as f:
    json.dump(cleaned, f)
print(f'Removed {before-after} entries. {after} remaining.')
"

Step 3 — Restart Gateway

openclaw gateway restart

Step 4 — Report

🧹 Session cleanup: [X]MB → [Y]MB, removed [N] stale cron run entries.

Cost Tips

Both sections: Very cheap — scripted operations, no LLM tokens for the actual backup/update.
Cron: Both jobs run in isolated sessions. Backup is silent; updates report only if something changed.
Don't over-backup: Every 6h is enough. More frequent = wasted compute and noisy git history.
sessions.json bloat is a known issue — cron runs accumulate unbounded. Weekly cleanup keeps response time fast.

Comments

Loading comments...