📦 botlearn-healthcheck — 实例体检
v1.0.2一键巡检 OpenClaw 实例五大维度(硬件、配置、安全、技能、自治),生成量化红绿灯报告并给出修复建议,保障平台持续健康运行。
0· 406·1 当前·1 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
What you should check before installing or running this skill:
1) Review the bundled scripts before running: the skill includes many Bash/Node scripts that will be executed by the agent and will read many files under OPENCLAW_HOME (config, logs, workspace/*.md). Ensure you trust the publisher and audit the scripts for any unsafe shell commands or missing redaction.
2) Network activity contradiction: SKILL.md claims 'No outbound network requests are made outside the local OpenClaw gateway' but ...详细分析 ▾
ℹ 用途与能力
The name/description (OpenClaw health check) aligns with the included collection scripts and deep-check markdowns: the skill reads OpenClaw runtime state, config, logs, and workspace files and runs local CLI checks. Required binaries (node, bash, curl, and either openclaw or clawhub) make sense for this purpose. One minor mismatch: the registry metadata shows no required env vars while the skill declares OPENCLAW_HOME as primaryEnv — acceptable because the skill falls back to $HOME/.openclaw, but the label 'primary credential' is potentially misleading (OPENCLAW_HOME is a path, not a secret).
⚠ 指令范围
SKILL.md instructs the agent to autonomously run many local commands and to read many files under OPENCLAW_HOME (openclaw.json, logs, workspace identity files including agent.md/user.md/tool.md, cron tasks, etc.). This is coherent for a health check but broad: it will ingest user-facing and possibly personal content (user.md). The SKILL.md also asserts 'No outbound network requests are made outside the local OpenClaw gateway' and 'read-only during the collection phase', but other documents (check_skills.md, some fix hints) reference clawhub search/install and curl install commands that would contact external registries. That's a contradiction that could lead to unexpected network activity. The skill's setup.md states fix operations require explicit user confirmation, but some recommendations include '--force' flags that skip interactive prompts — review how/when these are executed.
ℹ 安装机制
There is no install spec (instruction-only skill) which reduces supply-chain risk from an installer. However, the skill bundles many scripts (17+) which will be executed by the agent; those scripts read/write under the skill directory (e.g., snapshot-manager stores data/checkups/) and execute local CLIs. The scripts and docs include recommended commands that fetch or install software (e.g., 'curl ... | bash' or 'clawhub install ... --force') as remediation suggestions — these are not an installer for the skill itself, but they are high-risk operations if the agent runs them without careful confirmation.
ℹ 凭证需求
The skill does not request secret API tokens or unrelated cloud credentials. It does rely on OPENCLAW_HOME (a path) and reads many files within that directory (config, logs, workspace identity files). Reading workspace identity/user.md may expose personal data — this is expected for a full health audit but is privacy-sensitive and proportionate only if the user expects a deep local audit. The skill claims it will not print credential values and will redact common patterns in logs, which is good practice but should be audited in the scripts to ensure redaction is robust.
ℹ 持久化与权限
always:false (no forced permanent inclusion) and disable-model-invocation:false (agent can autonomously invoke the skill) — both are normal. The skill writes its own snapshots under its own data/checkups directory (snapshot-manager.sh) which is within the skill's scope. The skill does include remediation suggestions to install other skills or run system-level commands; if the agent were allowed to autonomously run 'clawhub install ... --force' that would alter system state and has higher privilege implications — verify that fixes require explicit user confirmation and that autonomous execution is constrained.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSmacOS · Linux
版本
latestv1.0.22026/3/1
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install botlearn-doctor
镜像加速npx clawhub@latest install botlearn-doctor --registry https://cn.longxiaskill.com