Setup Doctor
v3.0.1Diagnose OpenClaw setup in one command. Auto-detects issues with Node, npm, gateway, config, and workspace. Quick mode (~10s) or Full mode. Multi-language. C...
⭐ 0· 134·0 current·0 all-time
by@tommot2
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to diagnose OpenClaw/node/npm/gateway and its filesystems checks align with that purpose. It requests no credentials, no config paths, and includes a small local diagnostic script that inspects typical OpenClaw locations under the user's home directory — all proportional to a setup-diagnostic tool.
Instruction Scope
SKILL.md instructs the agent to run quick-check shell commands (node --version, npm --version, openclaw gateway status) via the agent's exec facility — this is expected for a diagnostic skill but means the agent will execute external binaries. The SKILL.md repeatedly states it will not read file contents; the included script only checks existence/access and does not read file contents. Minor mismatch: SKILL.md's Workspace Audit claims to report file sizes for specific files, but the included diagnose.js does not enumerate per-file sizes — an implementation gap rather than malicious behavior. Also: auto-detection triggers may cause the agent to run quick checks when users report problems; this is reasonable but the user should be aware of automatic invocation.
Install Mechanism
This is instruction-only (no install spec). A small local script is included but there is no download/install mechanism that would fetch remote code. Low install risk.
Credentials
The skill declares no required environment variables or secrets and the code accesses only local filesystem and process metadata (home directory, process.execPath, etc.). That access is proportionate to discovering host-side OpenClaw/Node/npm configuration. There are no network calls or child_process usage in the script.
Persistence & Privilege
always:false and no install actions that modify other skills or global agent config. The skill can be invoked autonomously per platform defaults; combined with its limited local-checks scope this is not excessive. Fix mode promises explicit confirmation before changes — users should confirm that in practice.
Assessment
This skill appears to do what it says: local checks for Node/npm/OpenClaw and filesystem presence. Things to consider before installing: 1) The agent will run shell commands (node/npm/openclaw) to perform quick checks — ensure you trust running those binaries in your environment. 2) Auto-detection rules can cause the agent to run the quick check when you mention errors; if you prefer manual control, avoid enabling automatic invocation or confirm prompts. 3) The included script is local and does not perform network calls or read file contents, but there are small implementation bugs (e.g., minor path-handling issues) — expect possible noisy warnings rather than silent malicious behavior. 4) Always review and explicitly approve any “fix it” action the skill proposes before allowing it to execute changes.Like a lobster shell, security has layers — review code before you run it.
configvk9770s0rnb4rwykdam07s4yhgd83t088diagnosticvk9770s0rnb4rwykdam07s4yhgd83t088diagnosticsvk976phthsy9tmsw3tasr1djsjx83t6d8doctorvk9770s0rnb4rwykdam07s4yhgd83t088environmentvk976phthsy9tmsw3tasr1djsjx83t6d8fixvk9790nnbafytqfg5dre5cv2tyh83tqq0gatewayvk9770s0rnb4rwykdam07s4yhgd83t088health-checkvk978fmcwk0rfvznhecjm4zdpkx83v2azi18nvk978fmcwk0rfvznhecjm4zdpkx83v2azlatestvk97d1qz92ahxghs3gn2d3capxd843501multi-languagevk97bg67b4bysm602fwfwnjvmmx83tm90onboardingvk978fmcwk0rfvznhecjm4zdpkx83v2azsecurityvk97bg67b4bysm602fwfwnjvmmx83tm90setupvk9770s0rnb4rwykdam07s4yhgd83t088troubleshootingvk9770s0rnb4rwykdam07s4yhgd83t088wizardvk9770s0rnb4rwykdam07s4yhgd83t088workspacevk9770s0rnb4rwykdam07s4yhgd83t088
License
MIT-0
Free to use, modify, and redistribute. No attribution required.