← Back to Skills Marketplace
Gateway Self-Heal Watchdog
by
mupengi-bot
· GitHub ↗
· v1.0.0
384
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install gw-self-heal
Description
Self-healing watchdog for OpenClaw gateway. Auto-backup openclaw.json before changes, health-check the gateway process, and auto-rollback to last known good...
README (SKILL.md)
Gateway Watchdog
Automated self-healing system for OpenClaw gateway failures including config corruption, process crashes, and auth failures.
How It Works
Three-layer protection:
- Config Guard — Auto-backup
openclaw.jsonon every successful health check - Process Watchdog — Detect gateway process death → auto-restart
- Auth Health Check — Detect running-but-broken state → rollback config → restart
Setup
Run the setup script to install the watchdog:
bash scripts/setup-watchdog.sh
This will:
- Create the watchdog script at
~/.openclaw/watchdog.sh - Register it as a cron job (every minute)
- Take an initial config backup
Manual Commands
# Check watchdog status
bash scripts/watchdog-status.sh
# Force backup current config
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak
# View watchdog logs
cat ~/.openclaw/watchdog.log | tail -20
# Disable watchdog
crontab -l | grep -v watchdog | crontab -
Recovery Levels
| Level | Condition | Action | Auto? |
|---|---|---|---|
| 1 | Process dead, config OK | Restart gateway | ✅ |
| 2 | Process alive, health check fail | Rollback config + restart | ✅ |
| 3 | No valid backup exists | Log alert, notify if possible | ⚠️ Manual |
Config Backup Strategy
- Auto-backup: On every successful health check, current config overwrites
.bak - Pre-change backup: Before any
openclaw.jsonedit, copy to.bak.prev - Broken config preserved: Failed configs saved as
.broken.\x3Ctimestamp>for debugging
Logs
All watchdog activity logged to ~/.openclaw/watchdog.log with timestamps.
Platform Support
- macOS: cron-based (launchd alternative in
references/launchd.md) - Linux: cron or systemd (see
references/systemd.md) - Docker: Use HEALTHCHECK directive (see
references/docker.md)
Usage Guidance
What to check before installing or running this skill:
- Inspect the scripts yourself. The setup script writes and runs ~/.openclaw/watchdog.sh and registers a cron job — review the watchdog.sh contents (they are included) to ensure the restart/rollback logic matches your expectations.
- Backup your existing crontab before running setup, because the removal step (crontab -l | grep -v "watchdog.sh" | crontab -) can clear other jobs if crontab -l returns nothing. Run: crontab -l > ~/crontab.before.install
- Confirm openclaw binary is installed and in the PATH for the same user that will run the cron job; otherwise the script will fail to restart the service.
- Be aware of the undeclared environment variable OPENCLAW_HEALTH_PORT used by the watchdog; if your gateway uses a different port, export OPENCLAW_HEALTH_PORT before installing or edit the script.
- The included references (systemd/launchd/docker) assume different locations and privileges: systemd example runs as root with /root/.openclaw — prefer running under the least privilege user and adjust paths accordingly.
- If you operate critical systems, test the watchdog in a non-production environment first to confirm it doesn't accidentally overwrite valid configs or remove needed cron jobs.
- If you want safer behavior, modify setup-watchdog.sh to (a) prompt before altering crontab, (b) preserve/merge existing crontab more robustly, and (c) avoid running any privileged commands or root paths unless intentionally chosen.
Capability Analysis
Type: OpenClaw Skill
Name: gw-self-heal
Version: 1.0.0
The skill implements a self-healing watchdog that establishes persistence via a per-minute cron job and performs automated process restarts and configuration rollbacks. While the logic in `scripts/setup-watchdog.sh` and the generated `watchdog.sh` is consistent with the stated purpose of gateway resilience, the use of automated persistence and shell-based system management are high-risk capabilities. No evidence of malicious intent, data exfiltration, or unauthorized remote communication was found.
Capability Assessment
Purpose & Capability
Name/description align with the files and scripts: scripts check gateway process, perform health-checks, backup openclaw.json, and perform rollback. The files included (setup and watchdog scripts plus systemd/launchd/docker references) are consistent with a watchdog purpose.
Instruction Scope
The runtime instructions and setup script perform system-level actions: create ~/.openclaw/watchdog.sh, write logs, and register a cron job that runs every minute. The setup script will modify the user's crontab and run the watchdog immediately. The scripts access and overwrite configuration files under ~/.openclaw, call openclaw start/stop, and curl the local health endpoint. The crontab manipulation pattern used can erase unrelated existing cron entries (see details below). A watchdog script that restarts services and overwrites configs is expected, but the crontab/sysadmin actions are potentially destructive and should be highlighted to users before install.
Install Mechanism
This is an instruction-only skill with no install spec; it writes scripts into the user's home directory and registers a cron job. No external downloads or package installs are performed by the skill itself. That reduces supply-chain risk, but the script's behavior still modifies system state.
Credentials
No credentials are requested (good). However, the watchdog script references an environment variable OPENCLAW_HEALTH_PORT (defaulting to 3377) but this env var is not declared anywhere in the skill metadata or SKILL.md. The systemd and docker reference files also assume root paths (/root/.openclaw) and global npm-installed openclaw in Docker, which are not declared requirements. These undeclared environment/path assumptions could cause surprises or require elevated privileges.
Persistence & Privilege
The setup script registers a cron job to run every minute (persistent/automated invocation). While the skill is not marked always:true, the cron job is permanent until removed. The included systemd reference file runs the watchdog as root (User=root) and uses /root paths — that suggests a privileged deployment option which elevates impact if used. The cron-registration approach in the script can unintentionally wipe other cron entries (risk of losing unrelated scheduled jobs).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install gw-self-heal - After installation, invoke the skill by name or use
/gw-self-heal - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: auto-backup openclaw.json, health check, config rollback on failure, process auto-restart. Supports cron, systemd, launchd, Docker. Author: 김여명 (dawnkim_master)
Metadata
Frequently Asked Questions
What is Gateway Self-Heal Watchdog?
Self-healing watchdog for OpenClaw gateway. Auto-backup openclaw.json before changes, health-check the gateway process, and auto-rollback to last known good... It is an AI Agent Skill for Claude Code / OpenClaw, with 384 downloads so far.
How do I install Gateway Self-Heal Watchdog?
Run "/install gw-self-heal" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Gateway Self-Heal Watchdog free?
Yes, Gateway Self-Heal Watchdog is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Gateway Self-Heal Watchdog support?
Gateway Self-Heal Watchdog is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Gateway Self-Heal Watchdog?
It is built and maintained by mupengi-bot (@mupengi-bot); the current version is v1.0.0.
More Skills