OpenClaw Healthcheck

Pass. Audited by ClawScan on May 10, 2026.

Overview

The skill performs a disclosed local OpenClaw health check using read-only diagnostics, with no evidence of exfiltration, persistence, or destructive behavior.

This appears safe for its stated purpose, but it will run local diagnostic commands and include some local OpenClaw status/log evidence in the output. Run it only on the intended machine and review the generated JSON before sharing it.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill will execute local diagnostic commands on the target machine.

Why it was flagged

The skill executes local shell commands, which is a sensitive capability. In context, the commands are fixed healthcheck commands and are disclosed by the README/SKILL workflow.

Skill content

return { ok: true, out: execSync(cmd, { encoding: 'utf8', stdio: ['ignore', 'pipe', 'pipe'] }).trim() };

Recommendation

Run it only on the intended OpenClaw host/workspace, and review the JSON output before sharing it elsewhere.

What this means

Recent logs may contain paths, errors, host details, or other sensitive operational context.

Why it was flagged

The script includes up to 4000 characters of recent OpenClaw log output in its JSON evidence. This is useful for diagnostics but could expose operational details if the output is shared.

Skill content

evidence.recentLog = recentLog.out.slice(0, 4000);

Recommendation

Inspect and redact the healthcheck output if it contains sensitive log details before posting or sharing it.