← Back to Skills Marketplace
teachers10086

NightPatch

by teachers10086 · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
641
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install night-patch
Description
自动检测并夜间修复工作流中的低风险问题,支持一键回滚且不影响生产环境。
Usage Guidance
该技能在功能上与“夜间自动修补”描述大体一致,但存在两点需要你在安装前确认:1) 元数据不一致——注册表顶层显示不需要任何 env/config,但包内 manifest 和文档声明会访问 ~/.bash_history、~/.bashrc 并期望 NODE_ENV;这会影响权限评估。2) 写入 ~/.bashrc 是敏感操作(会改变你的 shell 行为),即便项目宣称可回滚,仍请先备份相关文件。建议步骤: - 在隔离环境或容器中先运行 ./start.sh dry-run 并审阅生成的检测报告与审计日志;不要直接启用 cron。 - 在启用任何写入(别名写入、文件移动或日志删除)前,手动检查对应代码(查找实际对 ~/.bashrc 或工作区文件的 fs.writeFile/rename/unlink/exec 调用)。 - 备份 ~/.bashrc、~/.bash_aliases 和你的 workspace。 - 如果对自动运行有疑虑,保持 detectors(例如 note_organization、log_cleanup)为 disabled,先只启用 shell_alias 的检测建议模式。 - 若需要更高隔离,按照 SECURITY_GUIDE.md 的建议在容器或 firejail/bwrap 中运行。 如果你 want me to, I can: 1) point to exact lines that perform file writes/exec calls, 2) produce concrete commands to back up files and run the skill in a container, or 3) highlight any remaining code paths that would execute shell commands (child_process usage) so you can review them before enabling execution.
Capability Analysis
Type: OpenClaw Skill Name: night-patch Version: 1.0.2 The skill is designed with strong security claims and multiple layers of internal safety checks, including production environment detection, rollback requirements, resource limits, and explicit forbidden actions. However, it utilizes powerful capabilities such as `child_process.execSync` for executing shell commands (e.g., creating aliases) and direct file system modifications (`fs.appendFileSync` to `~/.bashrc`, `fs.renameSync`, `fs.unlinkSync`) in `src/patch-executor.js`. While these actions are declared in `SKILL.md` and `manifest.json`, and are subject to extensive internal safeguards in `src/safety-check.js`, the inherent risk of these primitives, particularly `execSync` if inputs were to be subtly mishandled or bypassed, warrants a 'suspicious' classification. There is no evidence of intentional malicious behavior like data exfiltration or stealthy backdoors; rather, the design aims for secure automation, but the capabilities themselves carry a high potential for vulnerability.
Capability Assessment
Purpose & Capability
声明为夜间只修复低风险问题且不影响生产环境;实现包含检测、回滚和cron脚本,功能本身与目的相符. 但存在元数据不一致:注册表级别的“Required env vars/Required config paths”显示无要求,而包内 manifest.json 与 SKILL.md 明确列出需要访问 ~/.bash_history、~/.bashrc 和 NODE_ENV。这种描述/声明的不同步会让权限评估混淆,值得注意。
Instruction Scope
SKILL.md 明确指示只读访问 ~/.bash_history 并写入 ~/.bashrc(添加别名),扫描工作区文件且在用户确认后移动文件;文档承诺不会触达生产环境或发送外部消息。代码片段(index.js、start.sh、setup-cron.sh、run-nightly.sh、safety-check.js)体现了干运行优先、cron 手动集成与多层安全检查,未看到自动上传到远端或外部网络的调用。但写入 shell 启动文件与扫描/移动用户工作区文件是敏感操作,应由用户在启用前核验回滚脚本与实际写操作代码。
Install Mechanism
无安装规范(instruction-only registry entry),但包内包含 Node.js 源码并建议使用 npm install。没有从不可信 URL 下载或自动执行安装步骤,setup-cron.sh 与 README 已改为不自动安装 cron。总体安装机制风险较低,但仍需运行 npm install 来安装依赖。
Credentials
访问 ~/.bash_history(只读)和写入 ~/.bashrc(读写)是文档与 manifest 中明确要求的:这些与“创建 shell alias”功能相关,但属于高敏感范围(可改变用户 shell 行为)。manifest.json 还列出了 NODE_ENV 要求(用于跳过生产),但注册表元数据顶部显示“Required env vars: none”,两处不一致。无云凭据或外部密钥请求,这一点是合理且比例适当,但对本地配置/启动文件的写入需要额外审查与备份。
Persistence & Privilege
技能未请求 always: true,默认允许模型调用(平台默认)。脚本不会自动在安装时启用 cron(setup-cron.sh 会输出示例而不自动注入 crontab),没有修改其他技能或系统级别配置的证据。权限请求集中在用户家目录与工作区内的文件,符合技能目的,但仍需用户授权启用定时任务与写入操作。
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install night-patch
  3. After installation, invoke the skill by name or use /night-patch
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
night-patch v1.0.2 - 更新文件访问说明:新增将 shell alias 写入 ~/.bashrc 而非 ~/.bash_aliases,以提升兼容性,并以注释说明原因 - 其余内容无变化
v1.0.1
✅ Security Fixes – NightPatch v1.0.1 🔧 Issues Fixed 1. Installation Instruction Inconsistency – Resolved Issue: RELEASE.md previously used a placeholder URL (https://example.com), which caused ambiguity in installation instructions. Fix: Replaced the placeholder with clear and explicit instructions directing users to download the package from the official ClawHub page. File Updated: RELEASE.md (Line 46) ⸻ 2. Repository Information Updated Issue: The GitHub repository URL in manifest.json was inaccurate and potentially misleading. Fix: Updated the repository field to reflect a more accurate and structured repository configuration. File Updated: manifest.json (Lines 12–15) ⸻ 3. Added Comprehensive Security Guide New File Added: SECURITY_GUIDE.md (3.7 KB) Includes: • Secure installation guidelines • Risk mitigation strategies • Safe configuration recommendations • Containerized execution guidance • Monitoring and auditing instructions • Emergency rollback procedures This document provides a full security lifecycle guide for safe deployment and usage. ⸻ 4. SKILL.md Security Section Enhanced Improvement: Added a dedicated Security Notes section. Includes: • Security design principles • Explanation of file access scope • Clear usage recommendations • Link to the detailed SECURITY_GUIDE.md This improves transparency and aligns documentation with security best practices. ⸻ 📦 Release Information Version: v1.0.1 (Security Patch Release) Package: night-patch-release.tar.gz (33 KB) Changes Summary: • ✅ Fixed installation instruction inconsistency • ✅ Updated repository metadata • ✅ Added full security documentation • ✅ Improved transparency and risk communication
v1.0.0
Initial release of NightPatch v1.0.0. Includes full functionality, documentation, and automated patch workflow.
Metadata
Slug night-patch
Version 1.0.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is NightPatch?

自动检测并夜间修复工作流中的低风险问题,支持一键回滚且不影响生产环境。 It is an AI Agent Skill for Claude Code / OpenClaw, with 641 downloads so far.

How do I install NightPatch?

Run "/install night-patch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is NightPatch free?

Yes, NightPatch is completely free (open-source). You can download, install and use it at no cost.

Which platforms does NightPatch support?

NightPatch is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created NightPatch?

It is built and maintained by teachers10086 (@teachers10086); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments