OpenClaw Healthcheck

This skill appears to implement a local OpenClaw health/security audit and does not contact external endpoints, but there are two practical concerns before you run it: 1) Metadata omissions: The package registry metadata does NOT list required binaries or config paths, but the script expects system commands (openclaw, lsof, tail) and reads ~/.openclaw/openclaw.json and /tmp/openclaw/<date>.log. Confirm those commands exist and be prepared for the script to read those files. 2) Sensitive local reads: The script collects command output and file contents into a JSON 'evidence' object that may contain config values or log lines (which can include secrets or PII). Review the script first and run it in a safe/test account or sandbox (or with a temporary HOME) before running on a production host. Practical steps: - Inspect scripts/healthcheck.mjs yourself (you already have it) to verify what will be read and output. - Run the included tests in a sandboxed temp directory (npm test / node tests/test.mjs) to see behavior. - Back up ~/.openclaw/openclaw.json and any logs, or run the script with HOME pointed at a safe test directory if you want to avoid exposing real configs. - If you plan to install for repeated use, ask the maintainer to update metadata to declare required binaries (openclaw, lsof, tail) and config/log paths so the capability and the requested access are explicit. Given these mismatches between metadata and actual behavior, treat the skill as suspicious until you confirm its runtime reads and outputs are acceptable for your environment.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.