Openclaw Mutual Repair
v1.0.0Enables two OpenClaw instances to monitor each other via heartbeat, perform health checks, diagnose issues, and remotely repair for 24/7 stable operation.
⭐ 0· 84·0 current·0 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, README, SKILL.md, skill.json and src/index.ts all describe a two-node heartbeat, health-check and repair system. The declared permissions (exec, network) match the implementation which runs shell checks and posts heartbeats to the peer; these capabilities are proportionate to the stated purpose.
Instruction Scope
SKILL.md confines instructions to configuring hosts/ports, starting/stopping the service and using health/diagnose/repair commands. The runtime code executes local system commands (free, top, pm2, ss, ping, nc) and sends HTTP requests to the configured remoteHost — this is within the expected scope but means the skill will read system state and may run repair commands when triggered.
Install Mechanism
No explicit install spec is provided (instruction-only) but the package contains code and package.json (axios dependency). That means ClawHub will install code/deps when added; lack of an install/verified release URL increases the surface for supply-chain concerns compared with a well-known package release mechanism.
Credentials
The skill declares no required environment variables (good) and permissions are reasonable for the task. However, documentation (PUBLISH.md) contains an embedded Claw-CLI token string, which appears to be a credential leaked into the repo; this is unrelated to normal runtime needs and is a red flag. Also remote-repair behavior may require SSH access (SKILL.md mentions SSH keys), so operators should ensure SSH use is limited and keys are managed securely.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). The skill does not request system-wide config changes in the manifest. Autonomous invocation combined with exec/network is powerful but expected for an ops/repair skill; no evidence it demands persistent elevated platform privileges.
Scan Findings in Context
[embedded_publish_token_in_docs] unexpected: PUBLISH.md includes a Claw-CLI token value (clh_wf...); this looks like a leaked credential in the repository and is not required by the skill to run on target hosts. The static pre-scan reported no injection signals, but this artefact is still a security concern.
[truncated_source_file] unexpected: The provided src/index.ts content was truncated in the package listing. That prevents a complete audit of the repair/executeRepair implementation (possible remote command execution paths). Full file review is needed to verify there are no unexpected behaviors.
What to consider before installing
This skill broadly matches its description (two-node heartbeat, health checks, and remote repair), but review these items before installing:
- Remove or rotate any leaked credentials: PUBLISH.md contains what looks like a Claw-CLI token — treat it as compromised and rotate it.
- Audit the full src/index.ts (the provided snippet was truncated) to confirm how repairs are executed (particularly whether it runs ssh/remote commands and with what arguments). If repairs invoke shell commands or SSH, ensure the commands are explicit and limited, and that SSH keys are tightly controlled.
- Run the skill in an isolated/staging environment first. The service listens by default on 0.0.0.0:9528 — configure firewalls to restrict access to the peer only and avoid exposing the port to the public internet.
- Ensure the host has expected utilities (pm2, nc, ss, ping) and that parsing of their output is robust for your OS; poorly parsed outputs can lead to incorrect diagnoses.
- Prefer least privilege: provide only the network connectivity necessary to the configured peer, and do not enable remote-repair until you have confirmed its exact behavior.
If you want, I can: 1) search the repo for other potential secrets, 2) try to reconstruct the truncated part if you can provide the rest of src/index.ts, or 3) produce a short checklist of safe configuration and firewall rules for deploying this skill.src/index.ts:177
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latest
🤖 OpenClaw 双机互修助手
让两只 OpenClaw 互相守护,实现 7×24 小时稳定运行
📦 安装
clawhub install openclaw-mutual-repair
🚀 快速开始
1. 配置双机环境
在两台机器上分别配置:
机器 A (192.168.1.100):
{
"localHost": "0.0.0.0",
"localPort": 9528,
"remoteHost": "192.168.1.101",
"remotePort": 9528,
"heartbeatInterval": 300000
}
机器 B (192.168.1.101):
{
"localHost": "0.0.0.0",
"localPort": 9528,
"remoteHost": "192.168.1.100",
"remotePort": 9528,
"heartbeatInterval": 300000
}
2. 启动互修服务
在飞书或 OpenClaw 中输入:
启动互修
3. 使用示例
用户:健康检查
用户:诊断
用户:启动互修
用户:停止互修
📋 核心功能
1. 心跳监控 💓
- 双机定期发送心跳(默认 5 分钟)
- 自动检测对端是否在线
- 心跳超时自动告警
2. 健康检查 🏥
- 内存使用率监控
- CPU 使用率监控
- PM2 进程状态检查
- 系统运行时间统计
3. 故障诊断 🔍
- 自动识别内存泄漏风险
- 检测进程异常重启
- 网络连通性诊断
4. 自动修复 🛠️
- 远程重启 OpenClaw 进程
- 发送修复建议
- 故障转移(规划中)
⚙️ 配置项
| 参数 | 类型 | 默认值 | 说明 |
|---|---|---|---|
| localHost | string | 0.0.0.0 | 本机监听地址 |
| localPort | number | 9528 | 本机监听端口 |
| remoteHost | string | - | 对端主机地址(必填) |
| remotePort | number | 9528 | 对端监听端口 |
| heartbeatInterval | number | 300000 | 心跳间隔(毫秒) |
| heartbeatTimeout | number | 30000 | 心跳超时(毫秒) |
| memoryThreshold | number | 85 | 内存告警阈值(%) |
| cpuThreshold | number | 80 | CPU 告警阈值(%) |
🔐 安全说明
- 网络隔离:建议在内部网络使用,不要暴露到公网
- 防火墙配置:仅允许对端 IP 访问心跳端口
- SSH 密钥:远程修复功能需要配置 SSH 免密登录(可选)
📊 监控指标
| 指标 | 正常值 | 告警阈值 |
|---|---|---|
| 内存使用率 | < 70% | > 85% |
| CPU 使用率 | < 50% | > 80% |
| WebSocket 连接数 | > 10 | < 5 |
| 断连频率 | < 2 次/小时 | > 5 次/小时 |
| 进程重启次数 | 0 | > 5 |
🐛 故障排查
问题 1:心跳发送失败
[Heartbeat] Failed to send: connect ECONNREFUSED
解决: 检查对端 OpenClaw 是否运行,防火墙是否开放端口
问题 2:端口被占用
Error: listen EADDRINUSE: address already in use
解决: 修改 localPort 配置,或停止占用端口的进程
问题 3:PM2 检测失败
PM2 未检测到 OpenClaw 进程
解决: 使用 PM2 启动 OpenClaw:pm2 start app.js --name openclaw
📚 相关文件
src/index.ts- 核心实现skill.json- Skill 配置package.json- 依赖管理tsconfig.json- TypeScript 配置
📝 更新日志
v1.0.0 (2026-03-27)
- ✨ 初始版本发布
- 🎯 实现双机心跳协议
- 🏥 健康检查功能
- 🔍 故障诊断功能
- 🛠️ 远程修复功能(PM2/systemd)
作者: OpenClaw Skill Master
许可: MIT
反馈: https://github.com/rfdiosuao/openclaw-skills/issues
Comments
Loading comments...