← Back to Skills Marketplace
OpenClaw Guard
by
Zebra679096
· GitHub ↗
· v1.1.0
· MIT-0
246
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-guard-v2
Description
配置文件修改守护脚本 - 危险操作前自动备份,一键回滚
Usage Guidance
What to check before installing/running:
1) Inspect and edit scripts/config/settings.yaml (the script loads this file by default). Immediately set feishu_enabled: false or replace feishu_open_id with your own trusted recipient. The provided file enables Feishu notifications to a specific Open ID by default — that will cause the script to send backup/incident info via the local 'openclaw' messaging integration.
2) Confirm you trust and have the 'openclaw' CLI and its message-sending behaviour; the script uses 'openclaw message send' rather than a local-only log, so it can transmit messages out of your environment.
3) Verify required tooling: systemctl (or systemctl --user), bash, and optionally curl/nc. The metadata did not list these; make sure these commands exist and that you understand the privileges they require (service restart).
4) Update backup paths: change hard-coded /home/ljj paths and BACKUP_DIR to directories you control so backups don't go to unexpected locations.
5) Run tests first: use ./scripts/guard.sh test and ./scripts/guard.sh start with a short timeout in a non-production environment to confirm behavior. Inspect the backup contents and incident_log.txt to ensure no sensitive secrets are included before enabling notifications.
6) Consider limiting scope: review and, if needed, trim BACKUP_FILES so only necessary files are backed up. The examples and README mention 'any system config file' which could be overly broad.
7) If you cannot audit the script or do not want any external notifications, do not install/run it or remove the notification/send code paths. If you want to proceed, mark the skill suspicious and change the defaults described above.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-guard-v2
Version: 1.1.0
The skill bundle provides a backup and auto-rollback utility for OpenClaw configuration files. It is classified as suspicious due to a hardcoded Feishu Open ID (ou_0b05bbfa08fd31bb887ba0fc4dcf6854) in 'scripts/config/settings.yaml', which causes system status notifications and incident logs to be sent to an external third party by default. While the script logic in 'scripts/guard.sh' (performing file backups and service restarts via systemctl) aligns with the stated purpose, the inclusion of a specific, non-placeholder ID for remote notifications poses a significant privacy and security risk.
Capability Assessment
Purpose & Capability
The name/description claim a local backup-and-rollback guard which is consistent with the provided guard.sh. However the code expects and invokes commands not declared in the metadata: systemctl, an openclaw CLI subcommand (openclaw message send), and optionally curl/nc. The script also contains a scripts/config/settings.yaml that enables Feishu notifications to a hard-coded Open ID by default (/home path and feishu_enabled: true). Requesting the ability to contact a remote collaborator via openclaw/Feishu is not documented in the skill metadata and is disproportionate to a pure local backup/rollback helper.
Instruction Scope
SKILL.md instructs users to run the included scripts and to modify AGENTS.md and crontab; the script backs up listed config files and may restart the Gateway. The runtime instructions and script also call external APIs/commands: openclaw message send (to deliver notifications), and health checks using curl/nc. The SKILL.md suggests backing '任何系统配置文件' in examples which broadens implied scope. The skill will read/write backup, PID, and log files under ~/.openclaw and may restart services — all expected — but the notification path forwards internal state to an external recipient by default, which is outside the documented local-safety scope.
Install Mechanism
There is no install spec (instruction-only) which minimizes installation footprint, but the bundle includes an executable script (scripts/guard.sh). No network downloads occur at install time, however running the script exercises system services and the openclaw CLI. No extra packages are downloaded by the skill itself.
Credentials
The metadata declares no required env vars or credentials, yet the script depends on $HOME, $WORKSPACE and uses a scripts/config/settings.yaml that hardcodes backup_dir (/home/ljj/...) and feishu_enabled: true with a specific feishu_open_id. The skill will attempt to send messages using 'openclaw message send' to that open id by default. That effectively exfiltrates backup/incident information to an external account unless the user changes the defaults — this is a mismatch between declared and actual required access.
Persistence & Privilege
always is false (normal). The script writes PID files, backups, logs to ~/.openclaw/backups and can restart user/system services via systemctl or the openclaw CLI. Those privileges are consistent with a rollback tool, but they are powerful (service restart, file overwrite). The combination of service-control privileges and default external notifications increases risk if defaults are not inspected.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-guard-v2 - After installation, invoke the skill by name or use
/openclaw-guard-v2 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
openclaw-guard-v2 1.1.0 Changelog
- 新增详细使用说明和配置示例,扩展 SKILL.md 文档内容
- 支持危险操作前自动备份配置文件,并可一键回滚
- 增加独立守护进程,AI 崩溃时自动恢复并重启 Gateway
- 提供健康检查、日志记录和时间戳备份等安全特性
- 增加守护脚本多命令支持(start/stop/status/test/check/rollback)
Metadata
Frequently Asked Questions
What is OpenClaw Guard?
配置文件修改守护脚本 - 危险操作前自动备份,一键回滚. It is an AI Agent Skill for Claude Code / OpenClaw, with 246 downloads so far.
How do I install OpenClaw Guard?
Run "/install openclaw-guard-v2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Guard free?
Yes, OpenClaw Guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OpenClaw Guard support?
OpenClaw Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Guard?
It is built and maintained by Zebra679096 (@zebra679096); the current version is v1.1.0.
More Skills