Self-Heal Watchdog
v1.0.0
Automated self-healing system for OpenClaw gateway with model failover support. Three-layer protection: process watchdog (auto-restart on crash), config guar...
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code performs exactly the advertised tasks: process monitoring, config backup/rollback, and model failover by editing ~/.openclaw/openclaw.json and restarting the gateway. Those capabilities belong to a self-heal watchdog. However, the skill metadata declares no required binaries or env vars while the scripts clearly assume tools (python3, curl, pgrep, launchctl/system utilities, and an 'openclaw' CLI) and access to the user's OpenClaw config — this mismatch is material and should have been declared.
Instruction Scope
SKILL.md instructs running setup.sh which copies scripts, registers a scheduler, and explains commands; the scripts themselves operate on local files and localhost health endpoints only. All runtime actions (backing up and editing openclaw.json, restarting gateway, registering a launchd job) are within the stated scope. There is no evidence the scripts exfiltrate data or contact external endpoints beyond localhost.
Install Mechanism
This is an instruction-only skill (no external download/install step). Installing runs setup.sh which writes files under ~/.openclaw/watchdog and registers a launchd agent. No remote code is fetched by the install process, lowering supply-chain risk — but the installer does create persistent scheduled execution on the host.
Credentials
requires.env and primary credential are listed as none, but the scripts use/assume several environment variables and binaries (OPENCLAW_HOME, GATEWAY_URL, HEALTH_ENDPOINT, DRY_RUN, plus python3, curl, pgrep, launchctl/systemd/cron, and the openclaw CLI). The skill does modify a local configuration file (~/.openclaw/openclaw.json) and writes logs/backups; while this is coherent with purpose, the metadata should have declared these requirements and that it will change your config. No secret/API exfiltration is apparent in the code.
Persistence & Privilege
The installer registers a persistent scheduled job (launchd plist on macOS, with alternatives noted for cron/systemd). always:false (not forced), but installing will create long-lived system scheduler entries and files under the user's home, and register a service that runs every 60s. This is expected for a watchdog but is a high-impact change that requires user consent.
What to consider before installing
This skill largely does what it says — it will copy scripts into ~/.openclaw/watchdog, register a scheduler (launchd plist on macOS), back up and modify ~/.openclaw/openclaw.json, and call the 'openclaw' CLI to restart the gateway. Before installing: (1) review the scripts yourself (they are small and readable); (2) ensure you trust the openclaw CLI on your system; (3) back up ~/.openclaw/openclaw.json manually (setup.sh may fail if that file is missing); (4) verify you have python3, curl, and relevant system tools; (5) run in DRY_RUN=1 mode to observe actions without changes; and (6) be aware the installer will create a persistent scheduled job (uninstall instructions are provided). The main issue here is metadata mismatch (required binaries/env not declared) — that increases risk of surprise failures or unexpected behavior, so treat this as a privileged change and test it in a safe environment first.
Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Self-Heal Watchdog 🛡️
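A three-layer self-healing protection system that monitors the OpenClaw Gateway process, configuration integrity, and model responses.
Installation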
bash skills/self-heal-watchdog/scripts/setup.sh
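Uses launchd (the native macOS scheduler) and runs every 60 seconds.
Manual commands
| Command | Description |
|---|---|
| bash scripts/status.sh | Show current status and recent log entries |
| bash scripts/status.sh --full | Show the full log |
| bash scripts/watchdog.sh | Run the watchdog once manually |
| bash scripts/watchdog.sh --dry-run | Dry run (performs no actions) |
| bash scripts/model-failover.sh | Trigger a model switch manually |
| bash scripts/setup.sh --uninstall | Uninstall the watchdog |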
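Three layers of protection
1. Process Watchdog
Checks every minute whether the gateway process is alive and restarts it automatically after a crash.
2. Config Guard
Backs up ~/.openclaw/openclaw.json before every check and rolls back automatically if the configuration is corrupted.
3. Model Health Check
Probes model responsiveness through the /health endpoint; 2 consecutive failures trigger an automatic switch to the fallback model.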
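File descriptions
| File | Purpose |
|---|---|
| scripts/watchdog.sh | Main script (invoked by cron every minute) |
| scripts/health-check.sh | Health check logic |
| scripts/model-failover.sh | Model switching logic |
| scripts/setup.sh | Install/uninstall |
| scripts/status.sh | Status display |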
Configuration
- State file: ~/.openclaw/watchdog-state.json
- Log file: ~/.openclaw/watchdog/watchdog.log
- Gateway URL: http://localhost:18789
- Check interval: 1 minute (cron)
- Failure threshold: 2 consecutive failures trigger failover
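Security
- All scripts listen on localhost only
- API keys/tokens are not logged
- Logs are rotated automatically (1000 lines are kept)
- The configuration is backed up before it is modified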
Files
8 total
