← Back to Skills Marketplace
3438
Downloads
1
Stars
36
Active Installs
2
Versions
Install in OpenClaw
/install openclaw-ops-guardrails
Description
OpenClaw 运维防呆与排障标准化技能。用于跨设备(Gateway + Mac nodes)巡检、远程执行稳定性治理、CLI-only 兼容、配对/审批异常排查、以及对外发布前脱敏检查。用户提到“又报错了/审批超时/pairing required/system.run failed/如何标准化运维规则”时使用。
Usage Guidance
Install only after reviewing the failure playbook. Do not leave approval prompts disabled, use any full-access mode only temporarily and under supervision, and replace command-line tokens with a safer secret mechanism such as an environment variable, secure prompt, or credential store.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-ops-guardrails
Version: 0.1.1
The skill bundle is designed for operational troubleshooting and includes explicit security-enhancing instructions like `openclaw security audit --deep` and a `Publish Sanitization Checklist`. However, it is classified as 'suspicious' due to the presence of commands that can reduce security controls or leverage powerful tools. Specifically, `references/failure-playbook.md` instructs the agent to set `security=full, ask=off, askFallback=full` to disable approval mechanisms for troubleshooting, which is a significant security control bypass. Additionally, it uses `ssh openclaw-gateway 'hostname; whoami'` for diagnostics, which, while for a stated purpose, involves shell execution via SSH and carries inherent risks if not properly secured or if inputs are compromised. There is no clear evidence of intentional malicious behavior like data exfiltration or backdoor installation.
Capability Assessment
Purpose & Capability
The stated operations and security-audit purpose fits troubleshooting commands, SSH diagnostics, and publish-sanitization guidance, with no evidence of deception or exfiltration.
Instruction Scope
The failure playbook reportedly instructs use of full security with approvals disabled for troubleshooting without clear time limits, prerequisites, or rollback guidance.
Install Mechanism
No installer behavior or package setup evidence indicates hidden persistence, unrelated downloads, or automatic execution beyond the skill documentation.
Credentials
The gateway-token probe pattern puts a sensitive token directly in a command-line example, which can leak through shell history, process listings, or logs.
Persistence & Privilege
Disabling approval prompts while enabling broad execution authority is high-impact and not sufficiently scoped, even though it is framed as troubleshooting.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-ops-guardrails - After installation, invoke the skill by name or use
/openclaw-ops-guardrails - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Hardened sanitization: redact server IPs, domains, API endpoints/paths, callbacks, and identifiers
v0.1.0
Initial release: node exec guardrails, failure playbook, sanitization checklist
Metadata
Frequently Asked Questions
What is OpenClaw Ops Guardrails?
OpenClaw 运维防呆与排障标准化技能。用于跨设备(Gateway + Mac nodes)巡检、远程执行稳定性治理、CLI-only 兼容、配对/审批异常排查、以及对外发布前脱敏检查。用户提到“又报错了/审批超时/pairing required/system.run failed/如何标准化运维规则”时使用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 3438 downloads so far.
How do I install OpenClaw Ops Guardrails?
Run "/install openclaw-ops-guardrails" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Ops Guardrails free?
Yes, OpenClaw Ops Guardrails is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw Ops Guardrails support?
OpenClaw Ops Guardrails is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Ops Guardrails?
It is built and maintained by xyezir (@xyezir); the current version is v0.1.1.
More Skills