Ops Hygiene

v1.0.0

Standard operating procedures for agent maintenance, security hygiene, and system health. Use when performing periodic checks, security audits, memory maintenance, secret rotation, dependency updates, or any recurring "housekeeping" tasks. Also use when setting up automated maintenance schedules or when asked about agent security posture.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose (agent maintenance, secret rotation, audits) matches the included scripts (health-check, secret-scan, security-audit, heartbeat dispatcher). However the registry metadata claims no required binaries or credentials while the scripts clearly call curl, git, python3, lsof, npm, grep, and local services (Ollama at :11434, Reef at :3030). The omission of required binaries/tools in metadata is an inconsistency.
[!] Instruction Scope
SKILL.md instructs the agent to read many local files (SOUL.md, USER.md, memory files, HEARTBEAT.md, $HOME/.openclaw/openclaw.json and $HOME/.openclaw/workspace) and to run scripts that (a) scan the workspace for secrets, (b) grep a .secrets file for an AgentMail API key and call the AgentMail client, and (c) post prompts to a local Reef API. Reading and programmatically using secrets from workspace/.secrets is within a 'maintenance' scenario but is sensitive and not declared in metadata. The heartbeat script may automatically contact local/external services for triage. These behaviors broaden the skill's runtime scope beyond simple diagnostics.
Install Mechanism
There is no install spec — this is instruction-and-script-only. That minimizes supply-chain risk (no external archives to download). The code is provided directly in the skill bundle.
[!] Credentials
The skill requests no environment variables or credentials in metadata, yet scripts attempt to read local secret files ($WORKSPACE/.secrets), and the secret scanner looks for many credential patterns (OpenAI, Anthropic, AWS, GitHub, AgentMail, etc.). The heartbeat dispatcher extracts an AgentMail API key from workspace files to call the AgentMail client. Requiring or using these credentials is plausible for email triage, but it is not declared or scoped in the metadata — this mismatch increases risk and surprise to users.
Persistence & Privilege
The skill is not marked always:true and does not request special platform-wide persistence. It performs periodic checks and updates state in workspace JSON files (heartbeat-state.json, memory/hygiene-state.json) under the agent workspace; that is expected for a maintenance skill. Autonomous invocation is allowed (default) which is normal for skills, but combined with the other concerns it is worth noting.
What to consider before installing
This package is plausibly an ops/maintenance toolkit, but it contains code that reads local files (including a .secrets file), scans for many API key patterns, and will attempt to use extracted credentials to talk to services (AgentMail) and local LLM endpoints (Reef, Ollama). Before installing or enabling:
1) Review the scripts line-by-line and confirm you are comfortable with them accessing $HOME/.openclaw/workspace and any .secrets files;
2) Ensure required binaries (python3, curl, git, npm, lsof, grep) exist and consider running in an isolated environment or container;
3) If you do not want automated network access, block or remove calls to external endpoints (AgentMail/localhost:3030/11434) or run with network disabled;
4) Make sure you trust the skill source (no homepage provided) and consider adding explicit metadata for required credentials or removing automatic credential use;
5) If you want tighter control, modify heartbeat-dispatch.sh to require manual approval before any network call or before parsing/exposing secrets.
If you want me to, I can produce a sanitized version that avoids reading .secrets and disables auto-triage calls.

Like a lobster shell, security has layers — review code before you run it.
