← Back to Skills Marketplace
OpenClaw Ops
by
Linfeng Liang
· GitHub ↗
· v1.2.1
736
Downloads
0
Stars
8
Active Installs
4
Versions
Install in OpenClaw
/install openclaw-ops
Description
Use when diagnosing, repairing, or maintaining an OpenClaw Gateway on the same machine. Designed for rescue agents to fix a down gateway or check operational...
Usage Guidance
This skill is coherent for its stated use: maintaining a local OpenClaw Gateway. Before installing, ensure you: (1) install it only on a separate, trusted rescue agent (the README repeats this warning), not on the primary gateway; (2) verify the rescue agent's access controls because the skill requires read/write access to ~/.openclaw/ and access to env files containing tokens; (3) review and keep copies of the SKILL.md so you understand what commands the agent will run, and require explicit user confirmation for destructive actions; (4) prefer running the rescue agent under a least-privilege account or inside a restricted container/VM to limit blast radius; (5) if you need stronger assurances, ask for an explicit list of local env filenames the skill will read and for any automated export/transmit steps (none are present in the current SKILL.md). If the package later includes code files or an install script that downloads archives or runs external binaries, re-evaluate before installing.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-ops
Version: 1.2.1
This skill is classified as suspicious due to the high-risk capabilities it grants to an AI agent, which could be exploited via prompt injection. The `SKILL.md` instructs the agent to read and copy sensitive files like `~/.openclaw/env` (which contains tokens) and perform destructive operations like `npm update -g openclaw` and `find ... -delete`. While the skill explicitly includes safety instructions such as 'Never print secrets' and 'Destructive operations require user confirmation', the reliance on these prompt-based directives creates a significant vulnerability. An attacker could potentially craft a prompt to bypass these instructions, leading to unauthorized data exfiltration or system modification.
Capability Assessment
Purpose & Capability
Name/description match the runtime instructions: the skill explicitly targets diagnosis, repair, and maintenance of a local OpenClaw Gateway and asks only for shell access, Node.js/npm availability, and read/write access to ~/.openclaw/. Those requirements are appropriate for the stated tasks (logs, config edits, service restarts, dependency reinstall).
Instruction Scope
SKILL.md instructs the agent to read logs, configuration files, and env files containing tokens (with a non-enforceable instruction to never print them), run systemctl/launchctl, and perform safe-edit/backup workflows. These actions are within scope but do require the rescue agent to have access to secrets and the ability to modify system services — ensure the rescue agent itself is trusted. The guidance relies on the agent's discretion (e.g., not printing tokens), which is a behavioral constraint rather than an enforced technical control.
Install Mechanism
This is an instruction-only skill with no install spec or code files to be downloaded or executed during install. That minimizes supply-chain risk. README suggests installing SKILL.md from a GitHub repo, but the skill bundle in the registry contains only documentation; there is no automatic installer to evaluate.
Credentials
The skill declares no required environment variables in the registry metadata, yet the instructions explicitly state the agent will access local env files containing tokens in ~/.openclaw/. Access to these local secrets is proportional to the task, but the registry metadata omission is a minor inconsistency. No unrelated external credentials or high-privilege cloud keys are requested.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request persistent privileges or modify other skills' configs. It performs privileged local operations (service restarts, config edits) which are inherent to its purpose — install it only on a dedicated rescue agent, not on the primary gateway.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-ops - After installation, invoke the skill by name or use
/openclaw-ops - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.1
Declare requirements and security notes: shell access, config access, credentials handling, backup-before-modify policy
v1.2.0
Command verification, config get fix, install warnings, mermaid architecture diagram, remote access guide, rescue scenario examples
v1.1.0
Refocus on two core scenarios (Rescue + Health Check), remove out-of-scope content, add architecture diagram and remote access guide
v1.0.0
Initial release: 8 ops modules (status, config, restart, logs, systemd/launchd setup, updates, env check, backup), plus session cleanup, doctor reference, Tailscale troubleshooting, healthcheck cron
Metadata
Frequently Asked Questions
What is OpenClaw Ops?
Use when diagnosing, repairing, or maintaining an OpenClaw Gateway on the same machine. Designed for rescue agents to fix a down gateway or check operational... It is an AI Agent Skill for Claude Code / OpenClaw, with 736 downloads so far.
How do I install OpenClaw Ops?
Run "/install openclaw-ops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Ops free?
Yes, OpenClaw Ops is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw Ops support?
OpenClaw Ops is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Ops?
It is built and maintained by Linfeng Liang (@dinstein); the current version is v1.2.1.
More Skills