ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Ops Guardrails

v0.1.1

OpenClaw 运维防呆与排障标准化技能。用于跨设备(Gateway + Mac nodes)巡检、远程执行稳定性治理、CLI-only 兼容、配对/审批异常排查、以及对外发布前脱敏检查。用户提到“又报错了/审批超时/pairing required/system.run failed/如何标准化运维规则”时使用。

1· 2.2k·25 current·26 all-time
by@xyezir
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included instructions and reference playbook files; all commands and checks (openclaw status/health, approvals, pairing, system.run, lsof, ssh probes) are coherent for an operations guardrails skill.
Instruction Scope
SKILL.md directs only to run CLI inspection and remediation steps, validate node capabilities, perform minimal acceptance checks, and sanitize outputs before sharing. It does not instruct broad data collection or secret exfiltration. Suggested grep scans and probes are appropriate for sanitization and troubleshooting.
Install Mechanism
No install spec and no code files beyond markdown — the skill is instruction-only, so nothing is written to disk or downloaded at install time.
Credentials
The skill requests no environment variables, credentials, or config paths. It references tokens and endpoints as placeholders for user-supplied values, which is appropriate for an ops runbook. There are no unexplained or unrelated secret requests.
Persistence & Privilege
always is false and the skill does not request persistent system changes or modify other skills. Autonomous invocation is allowed by default but is not combined with other concerning flags.
Assessment
This skill is a set of runbook instructions and appears coherent for operations troubleshooting. Before using it: (1) do not paste real tokens/keys/passwords into the chat — replace them with the placeholders noted (<gateway-token>, <api-endpoint>, etc.); (2) review any commands the agent proposes to run and prefer to execute sensitive commands yourself in a secure environment; (3) follow the sanitization checklist before sharing outputs externally; (4) if you plan to allow autonomous execution, restrict it to non-sensitive contexts or require explicit approval for actions that use credentials or modify devices.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aatv0gewrtdawrb09d82qe18238q8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments