Security Scan
OpenClaw
Safe
medium confidence
The skill's files and runtime instructions match its stated purpose (a macOS launchd watchdog for an OpenClaw gateway); it installs a persistent launchd job, monitors the gateway, and restarts it as described — nothing in the package appears to perform unrelated or covert actions, though there are a few operational risks to review before installing.
Assessment Recommendations
This package appears to do what it says: a macOS launchd watchdog for an OpenClaw gateway. Before installing: 1) Review defibrillator.sh and install.sh yourself (do not blindly run curl | bash). 2) Be aware the installer writes to ~/Library/LaunchAgents and ~/.openclaw and will call the OpenClaw CLI and a local health endpoint; if you don't trust existing OpenClaw config, audit those calls. 3) If you enable Discord notifications, set DISCORD_CHANNEL deliberately; the notify function uses OpenCla...
✓ Purpose and Capabilities
Name/description (agent watchdog) align with the code and README: scripts monitor a launchd gateway, check responsiveness/version, and restart via launchctl. Required actions (writing to ~/Library/LaunchAgents, ~/.openclaw/scripts, and logs) are consistent with providing a persistent watchdog.
ℹ Instruction Scope
SKILL.md and scripts instruct the agent to install and run a launchd service and to read local state (process list, session file mtime, local health endpoint). Those actions are necessary for a watchdog, but the script touches ~/.openclaw/agents/main/sessions/sessions.json (reads mtime) and calls openclaw commands and localhost health endpoints — review if you are uncomfortable with a tool inspecting or interacting with local agent state/CLI.
ℹ Install Mechanism
No formal install spec in registry, but the package includes install.sh and defibrillator.sh. install.sh may download defibrillator.sh from raw.githubusercontent.com (a common but unaudited source) and README recommends a curl | bash one-liner. Downloading and executing remote scripts is convenient but increases risk — prefer cloning the repo and auditing scripts before running.
✓ Credential Requirements
The skill requires no extra environment variables or external credentials. It relies on existing OpenClaw CLI/config and the user's launchd privileges, which are proportional for a tool that manages the OpenClaw gateway. Note: it reads session file timestamps and invokes openclaw message send (for Discord notifications), so it will use whatever OpenClaw configuration/credentials exist on the host.
✓ Persistence and Privileges
The installer creates a per-user launchd agent under ~/Library/LaunchAgents and scripts under ~/.openclaw — expected for a persistent watchdog. always:true is not set. The skill does not modify other skills' configurations or system-wide settings beyond the user's LaunchAgents.
Security is layered; review the code before running it.
Runtime Dependencies
No special dependencies
Version
latest v1.0.1 2026/2/16
Security fixes: removed hardcoded Discord channel, recommend git clone over curl|bash
● Suspicious
Install Command
Official: npx clawhub@latest install agent-defibrillator
Mirror (accelerated): npx clawhub@latest install agent-defibrillator --registry https://cn.longxiaskill.com