ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Auto-Heal

v1.0.0

自动监控 OpenClaw 状态,每60秒检测并自动修复卡死、无响应和内存超限问题,确保服务稳定运行。

0· 355·3 current·3 all-time
by@zacharyzax

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zacharyzax/auto-heal.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Auto-Heal" (zacharyzax/auto-heal) from ClawHub.
Skill page: https://clawhub.ai/zacharyzax/auto-heal
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install auto-heal

ClawHub CLI

Package manager switcher

npx clawhub@latest install auto-heal
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (auto-monitor and auto-repair OpenClaw) align with the code and SKILL.md behavior. However the registry metadata declares no required binaries while both SKILL.md and install.js/monitor.js require the 'openclaw' CLI to be present. That missing declaration is an incoherence the user should notice.
!
Instruction Scope
Runtime instructions and monitor.js run many shell commands (openclaw gateway status/restart, openclaw sessions list/kill, ps/pgrep, find ... -delete) and write to ~/.openclaw/openclaw.json, logs/, and state.json. These actions are within a monitor's expected scope but are high‑impact (restarting services, killing sessions, deleting old logs). The SKILL.md does not limit when or how aggressively fixes are applied beyond config, and it assumes the agent user has permission to perform restarts/kills.
Install Mechanism
There is no official install spec in the registry entry (instruction-only skill), but the repo files include install.js and a README that suggests 'git clone' and 'npm install'. The code itself does not fetch remote payloads at runtime. Because the registry metadata lacks an install step, users must be careful how they obtain and install these files (verify origin) before running npm install / running the scripts.
Credentials
The skill does not request environment variables or external credentials, which is consistent with its local-monitoring purpose. It does, however, read and write user configuration (~/.openclaw/openclaw.json) and creates logs in the skill directory — this is expected but high-privilege relative to ordinary read-only tools.
Persistence & Privilege
The skill does not set always: true and is user-invocable (normal). It writes its own configuration and logs and suggests cron entries (user-level persistence). There is no evidence it modifies other skills or system-wide agent settings, but it will perform privileged actions (restart gateway, kill sessions) when run — ensure the process is not run as root unless intended.
What to consider before installing
This skill appears to implement a legitimate OpenClaw watchdog, but take these precautions before installing or running it: - Verify you actually have the openclaw CLI installed and that the registry entry should have declared that requirement (install.js checks 'which openclaw'). - Inspect the included monitor.js and install.js yourself (they are small and provided). The monitor executes shell commands that can restart the gateway, kill sessions, delete old logs, and overwrite ~/.openclaw/openclaw.json. - Do not run install or monitor as root. Run in a staging/non-production environment first to observe behavior. - Backup ~/.openclaw/openclaw.json and any important data before running install.js, since it will write config entries. - If you plan to enable cron/daemon mode, test a single run with `node monitor.js --check-once` to confirm results. - Confirm the source/trustworthiness of the code (registry shows source unknown though README references a GitHub repo). If you cannot verify the upstream repository or maintainer, avoid automated installation and consider manually copying only the parts you understand. If you want a higher-confidence assessment, provide the skill's upstream repository URL or confirm how you obtained the files so I can check for typosquatting, commit history, or upstream releases.
install.js:19
Shell command execution detected (child_process).
monitor.js:42
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk971nbnbkm7zedntg440pw7kd982vk57
355downloads
0stars
1versions
Updated 10h ago
v1.0.0
MIT-0
@zacharyzax
latest
Download

Auto-Heal Skill

全天自动监控 OpenClaw 状态,检测到卡死自动修复。

触发条件

当用户询问以下问题时激活:

  • "自动修复卡死"
  • "监控 OpenClaw"
  • "自动重启"
  • "健康检查"
  • "防止卡死"
  • "守护进程"

功能

1. Gateway 监控

  • 每 60 秒检查一次 gateway 状态
  • 如果无响应或异常,自动重启

2. Agent 会话监控

  • 检测卡死的 Agent 会话(30分钟无响应)
  • 自动清理僵尸会话

3. 内存监控

  • 监控 OpenClaw 内存使用
  • 超过 80% 时自动清理和重启

4. 日志记录

  • 所有操作记录到 logs/auto-heal.log
  • 状态保存到 state.json

使用方法

启动监控

# 前台运行
node ~/.openclaw/workspace/skills/auto-heal/monitor.js

# 后台运行
nohup node ~/.openclaw/workspace/skills/auto-heal/monitor.js > /dev/null 2>&1 &

使用 Cron 定时任务(推荐)

# 编辑 crontab
crontab -e

# 添加每5分钟检查一次
*/5 * * * * cd ~/.openclaw/workspace/skills/auto-heal && node monitor.js --check-once

手动检查

openclaw health check

配置

编辑 ~/.openclaw/openclaw.json

{
  "skills": {
    "auto-heal": {
      "enabled": true,
      "checkInterval": 60,
      "autoFix": true,
      "memoryThreshold": 80,
      "notifyChannel": "feishu"
    }
  }
}

工作流程

启动监控
    ↓
每60秒执行健康检查
    ↓
检查 Gateway 状态
检查 Agent 会话
检查内存使用
    ↓
发现问题?
    ↓ 是
自动修复
    ↓
记录日志
    ↓
等待下一次检查

日志查看

# 实时查看日志
tail -f ~/.openclaw/workspace/skills/auto-heal/logs/auto-heal.log

# 查看最近100行
tail -n 100 ~/.openclaw/workspace/skills/auto-heal/logs/auto-heal.log

状态查看

cat ~/.openclaw/workspace/skills/auto-heal/state.json

注意事项

  1. 监控脚本需要 openclaw CLI 可用
  2. 确保有足够的权限执行重启命令
  3. 日志文件会定期清理(保留7天)
  4. 如果自动修复失败,会记录错误日志

Comments

Loading comments...