← Back to Skills Marketplace
indigokarasu

Custodian

by Indigo Karasu · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
93
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ocas-custodian
Description
Autonomously monitors OpenClaw system health, fixes log errors, initializes skills, registers tasks, and performs overnight maintenance to surface unresolved...
Usage Guidance
Custodian's behavior is internally consistent with a system-maintenance role, but it performs high-impact operations: it will read gateway logs and many skill data dirs, edit cron entries, create/rotate JSONL files, and can generate gateway tokens or refresh OAuth. Before installing: (1) verify you trust the source repository (the SKILL.md references a GitHub repo); (2) back up your cron/jobs.json, gateway config, and any critical skill data; (3) run the skill manually (custodian.scan.light / custodian.scan.deep) in a controlled environment to review proposed fixes rather than allowing full autonomous repair; (4) inspect references/known_issues.json and custodian-repair.plan to confirm auto-fix commands are acceptable for your environment; (5) consider disabling autonomous invocation until satisfied, and ensure downstream collaborator skills (Sift, Vesper, Mentor) are also trustworthy. If you want a stricter assessment, provide the actual openclaw binary implementations for 'openclaw doctor/cron' or logs showing how tokens are stored/used — that would raise confidence to high.
Capability Analysis
Type: OpenClaw Skill Name: ocas-custodian Version: 1.0.0 The ocas-custodian skill is classified as suspicious due to its high-privilege administrative capabilities, including the ability to modify cron jobs, generate gateway authentication tokens, and execute shell commands for autonomous repairs (SKILL.md, known_issues.json). While these functions support its stated purpose of system maintenance, the broad control over the environment and the potential for shell injection via log-based triggers pose a security risk. Furthermore, the inclusion of a self-update mechanism and a web-search-based learning protocol (README.md) introduces additional supply chain and prompt-injection vectors.
Capability Assessment
Purpose & Capability
Name/description (custodian that monitors logs, cron, skill data and performs Tier 1 fixes) aligns with the instructions and bundled artifacts. It reads/writes OCAS data dirs, skill journals, gateway logs, and edits cron entries and JSONL state files — all expected for a maintenance/repair agent. It does not request unrelated credentials or external services in the registry metadata.
Instruction Scope
SKILL.md explicitly instructs reading many system paths (~/.openclaw, /tmp/openclaw, skill data dirs), tailing logs, editing cron entries, creating directories, rotating JSONL files, running `openclaw doctor`, generating gateway tokens, and performing OAuth refreshes. These actions are coherent with maintenance duties but are high-impact (can change scheduling, create tokens, refresh auth). The skill also has a 'web search pass' and coordinates with other skills (Sift, Vesper, Mentor) which can trigger external network queries. No instructions direct data to unknown remote endpoints or request secrets, but the breadth of file/system access is significant and should be authorized deliberately.
Install Mechanism
This is instruction-only with no install spec or code files to execute; that is the lowest-risk install model. SKILL.md contains an 'install' hint referencing a GitHub repo, but the registry package itself contains the necessary docs and references; no archive downloads or executables are included here.
Credentials
The skill declares no required environment variables or credentials (primary credential: none). However, runtime actions (OAuth refresh, generating gateway token via `openclaw doctor`) will affect authentication state and may rely on existing system tokens/config. It does not explicitly request external credentials, which is proportionate, but the agent will touch authentication artifacts that deserve review because logs or files it reads could contain tokens.
Persistence & Privilege
Flags are default (not always:true) and model invocation is allowed (normal). Custodian is expected to register cron/heartbeat jobs and write into its own data directories; it will also edit the global cron registry and potentially generate gateway/OAuth tokens. Those are normal for a system caretaker, but they are privileged operations — consider whether you want autonomous invocation or prefer manual runs until you trust behavior.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ocas-custodian
  3. After installation, invoke the skill by name or use /ocas-custodian
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of ocas-custodian skill. - Provides automated detection, classification, and repair of OpenClaw operational failures during quiet hours. - Supports system health checks, log error fixes, cron failure reviews, skill initialization, and overnight maintenance tasks. - Includes both light (fast, heartbeat-driven) and deep (comprehensive, cron-scheduled) scan routines. - Defines strict boundaries and fix safety constraints—never modifies skill packages or user data/settings. - Integrates optionally with Vesper (insight proposals), Mentor (escalations), and Corvus (activity modeling). - Offers a command set for scanning, repair, issue management, schedule optimization, and self-updating.
Metadata
Slug ocas-custodian
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Custodian?

Autonomously monitors OpenClaw system health, fixes log errors, initializes skills, registers tasks, and performs overnight maintenance to surface unresolved... It is an AI Agent Skill for Claude Code / OpenClaw, with 93 downloads so far.

How do I install Custodian?

Run "/install ocas-custodian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Custodian free?

Yes, Custodian is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Custodian support?

Custodian is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Custodian?

It is built and maintained by Indigo Karasu (@indigokarasu); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments