← Back to Skills Marketplace
kintupercy

DeadClaw

by Zen Fox · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
598
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install deadclaw
Description
Emergency kill switch for OpenClaw agents. Instantly halts all running agents, pauses scheduled jobs, kills active sessions, and logs everything — triggered...
README (SKILL.md)

DeadClaw — Emergency Kill Switch for OpenClaw Agents

"One tap. Everything stops."

DeadClaw is a single-purpose emergency kill switch. When triggered, it immediately halts all running OpenClaw agent processes, stops Docker containers, pauses all scheduled cron jobs and heartbeats, kills all active sessions, and writes a timestamped incident log. It then confirms back to whichever surface triggered it.

Works with both native OpenClaw installs and Docker-based deployments (Hostinger VPS, etc.). Auto-detects your setup.

Why DeadClaw Exists

The ClawHavoc attack (February 2026) exposed 1,184 malicious skills in the OpenClaw ecosystem. People run agents autonomously — often overnight, often unattended. When something goes wrong, you need a way to stop everything from wherever you are, even from your phone. DeadClaw is that way.

Activation Methods

DeadClaw supports three activation methods. All three execute the exact same kill sequence — the only difference is how the user triggers it.

Method 1: Message Trigger

The user sends a trigger word to any connected OpenClaw channel (Telegram, WhatsApp, Discord, Slack, or any other connected channel). The following words activate DeadClaw:

  • kill or KILL
  • dead
  • stop everything
  • emergency stop
  • deadclaw
  • 🔴

When a trigger word is detected:

  1. Execute scripts/kill.sh from the DeadClaw skill directory
  2. Capture the output (process count, containers stopped, cron jobs paused, timestamp)
  3. Send confirmation back to the same channel the trigger came from: 🔴 DeadClaw activated. All agents stopped. [timestamp] — [X] killed ([X] processes, [X] containers). [X] cron jobs paused. See deadclaw.log for full report.

Method 2: WebChat Kill Button

A persistent red button rendered in the OpenClaw WebChat dashboard. The HTML widget is located at ui/deadclaw-button.html. It calls kill.sh via OpenClaw's WebChat API hooks (window.OpenClaw.exec()). If the WebChat hooks are unavailable, the button degrades to showing an error message with manual instructions.

To embed the button, use OpenClaw's WebChat customization hooks:

OpenClaw.WebChat.registerWidget('deadclaw-button', {
  src: 'skills/deadclaw/ui/deadclaw-button.html',
  position: 'top-bar',
  persistent: true
});

Method 3: Phone Home Screen Shortcut

A pre-built shortcut that sends the kill trigger message (deadclaw) to the user's configured Telegram bot. Setup guides for iOS and Android are in docs/:

  • docs/iphone-shortcut-guide.md — iOS Shortcuts setup
  • docs/android-widget-guide.md — Android widget setup (Tasker or HTTP Shortcuts)

Watchdog (Passive Protection)

DeadClaw includes a background watchdog (scripts/watchdog.sh) that monitors for dangerous conditions and auto-triggers the kill without any user action.

The watchdog checks every 60 seconds for (after a 5-minute startup grace period):

  1. Runaway loops — Any agent process or Docker session running longer than 30 minutes
  2. Token burn — Token spend exceeding 50,000 tokens in under 10 minutes
  3. Unauthorized network — Outbound network calls to domains not on the user's whitelist
  4. Sandbox escape — Any process attempting to write outside the designated OpenClaw workspace

The watchdog uses zero AI tokens — all checks use local system commands only.

When the watchdog auto-triggers, it sends an alert explaining the reason: 🔴 DeadClaw auto-triggered. Reason: [specific reason]. All processes stopped. Check deadclaw.log.

Watchdog Configuration

The watchdog reads its thresholds from environment variables (with sensible defaults):

Variable Default Description
DEADCLAW_MAX_RUNTIME_MIN 30 Max agent runtime in minutes before auto-kill
DEADCLAW_MAX_TOKENS 50000 Max token spend in the monitoring window
DEADCLAW_TOKEN_WINDOW_MIN 10 Token spend monitoring window in minutes
DEADCLAW_WHITELIST ./network-whitelist.txt Allowed outbound domains (one per line)
DEADCLAW_WORKSPACE $OPENCLAW_WORKSPACE Designated workspace directory

Start the watchdog:

scripts/watchdog.sh start

Stop the watchdog:

scripts/watchdog.sh stop

Additional Commands

Status Check

User sends status to any connected channel. DeadClaw responds with a plain-English health report by executing scripts/status.sh:

  • What agents are currently running (name, PID, uptime)
  • Current token spend rate
  • Whether the watchdog is active
  • Any warnings about approaching thresholds

Restore After Kill

User sends restore to any connected channel. DeadClaw executes scripts/restore.sh, which:

  1. Shows what will be restored (backed-up crontab entries, stopped Docker containers, disabled services)
  2. Prompts: "Restore [X] cron jobs from backup taken at [timestamp]? (yes/no)"
  3. Restores the crontab from the most recent backup
  4. Restarts stopped OpenClaw Docker containers
  5. Detects the OpenClaw gateway
  6. Confirms restoration with a summary

The watchdog does NOT auto-start after restore — the user verifies stability first, then starts it manually with scripts/watchdog.sh start.

Scripts Reference

Script Purpose
scripts/kill.sh Core kill script — stops all agents + Docker containers, pauses cron, logs incident
scripts/watchdog.sh Background monitor daemon — auto-triggers kill on threshold breach
scripts/status.sh Health report — shows running agents, Docker containers, token spend, watchdog status
scripts/restore.sh Post-kill recovery — restores crontab, restarts Docker containers

All scripts support a --dry-run flag that logs what would happen without taking action.

Incident Log

All kill events are logged to deadclaw.log in the skill directory. Each entry records: timestamp, trigger source (channel name), trigger method (message/button/ watchdog/auto), processes killed (count and PIDs), Docker containers stopped, cron jobs paused, and token spend at time of kill. The log is append-only and never automatically cleared.

Platform Support

DeadClaw works on both Linux (VPS, bare metal) and macOS (Mac Mini, MacBook). Scripts auto-detect the OS and use the appropriate commands:

  • Linux: systemctl for services, pgrep for processes, Docker support
  • macOS: launchctl for agents, pgrep for processes, Docker support
Usage Guidance
This package appears to implement a real emergency 'kill switch', but exercise caution before installing: - Inspect the scripts (kill.sh, watchdog.sh, restore.sh, status.sh) yourself or have an admin do so. They perform destructive host actions (kill processes, stop Docker containers, modify crontab). Use --dry-run first. - The skill reads many environment variables and a network whitelist file that are not declared in the registry metadata. Configure DEADCLAW_WHITELIST, DEADCLAW_WORKSPACE, and DEADCLAW_* thresholds explicitly before starting the watchdog. - Change or restrict trigger words immediately. Words like "kill" are easy to fire accidentally. Consider requiring a less common passphrase or adding an authorization step before performing destructive actions. - The phone/home-screen shortcuts require storing a Telegram bot token/chat ID on the device — keep these secrets secure. Prefer sending triggers through a locked, private channel and limit which chat IDs can trigger the skill. - Do not start the watchdog until you’ve tested kill/restore with --dry-run and confirmed the scripts only target expected OpenClaw processes (set OPENCLAW_PROCESS_PATTERN if needed). - Because the watchdog can autonomously kill processes, consider leaving it disabled initially or run it with conservative thresholds and monitoring turned on (dry-run mode) until you trust its behavior. If you cannot audit the scripts or you need stricter guarantees, prefer a kill mechanism implemented by the platform (OpenClaw core) with built-in access controls rather than a third-party skill.
Capability Analysis
Type: OpenClaw Skill Name: deadclaw Version: 1.0.1 The 'deadclaw' skill is a legitimate emergency kill switch and monitoring utility for OpenClaw agents. It provides a suite of bash scripts (kill.sh, watchdog.sh, status.sh, restore.sh) designed to terminate runaway processes, stop Docker containers, and pause scheduled tasks (cron/systemd/launchd) upon user request or automated threshold breaches (e.g., excessive token spend or unauthorized network calls). The code is well-documented, includes safety features like dry-run modes and crontab backups, and lacks any indicators of malicious intent, data exfiltration, or unauthorized persistence.
Capability Assessment
Purpose & Capability
The name/description match the included scripts (kill, restore, status, watchdog). However the SKILL.md claims message triggers 'work immediately with no setup' while the scripts rely on the OpenClaw CLI or Docker exec and environment configuration (workspace, whitelist, trigger source). The skill also provides phone/widget setup docs that require a Telegram bot token and chat ID (user-provided), which the registry metadata does not declare. Overall capability aligns with purpose but some operational requirements are under-specified.
Instruction Scope
Runtime instructions and included scripts perform high-privilege actions: killing processes, stopping Docker containers, backing up and modifying crontabs, and running docker exec openclaw commands. The SKILL.md and scripts reference environment variables and config files (DEADCLAW_*, OPENCLAW_WORKSPACE, network-whitelist.txt, OPENCLAW_PROCESS_PATTERN, DEADCLAW_TRIGGER_SOURCE) that are not declared in the registry metadata. Trigger words include common terms like 'kill' and '🔴' which are prone to accidental activation. The watchdog auto-triggers kills based on local checks — this grants the skill broad autonomous power over the host.
Install Mechanism
There is no install spec (instruction-only skill), so nothing is downloaded/executed during installation beyond the skill bundle itself. The code is provided in the skill package (shell scripts), so the attack surface is the scripts' runtime behavior rather than a remote install URL. This is lower-risk than an arbitrary download, but scripts will run on the host when invoked.
Credentials
Registry metadata lists no required environment variables, yet SKILL.md and the scripts read many env vars and config paths (DEADCLAW_MAX_RUNTIME_MIN, DEADCLAW_MAX_TOKENS, DEADCLAW_WHITELIST, DEADCLAW_WORKSPACE, OPENCLAW_PROCESS_PATTERN, DEADCLAW_TRIGGER_SOURCE, DEADCLAW_TRIGGER_METHOD). The phone shortcut docs instruct users to put Telegram bot tokens/chat IDs into device shortcuts (user-controlled), but the skill itself may attempt to use openclaw CLI or docker exec to send messages — which could require platform credentials or access the OpenClaw gateway. The mismatch between declared and used env/config access is a red flag.
Persistence & Privilege
always:false (good). The skill includes a long-running watchdog (scripts/watchdog.sh) that, when started, autonomously monitors and can auto-trigger kills. Autonomous invocation (disable-model-invocation:false) is platform default; combined with the watchdog's ability to self-trigger, this increases blast radius. The skill does not declare modifications to other skills' configs, but it does modify system crontabs and manage services — operations that are high-privilege and persistent while the watchdog runs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install deadclaw
  3. After installation, invoke the skill by name or use /deadclaw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
v1.0.1 — Security hardening: input validation for CLI args, log injection prevention, reject overly broad process patterns, validate numeric env vars with safe defaults.
v1.0.0
v1.0.0 — Initial release. Emergency kill switch for OpenClaw agents. Instantly halts all running agents, stops Docker containers, pauses scheduled jobs, and logs everything. Includes background watchdog for auto-kill on runaway loops, token burn, unauthorized network calls, or sandbox escape. Works on Linux VPS and macOS. Three activation methods: message trigger, WebChat button, phone shortcut.
Metadata
Slug deadclaw
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is DeadClaw?

Emergency kill switch for OpenClaw agents. Instantly halts all running agents, pauses scheduled jobs, kills active sessions, and logs everything — triggered... It is an AI Agent Skill for Claude Code / OpenClaw, with 598 downloads so far.

How do I install DeadClaw?

Run "/install deadclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is DeadClaw free?

Yes, DeadClaw is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does DeadClaw support?

DeadClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created DeadClaw?

It is built and maintained by Zen Fox (@kintupercy); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments