← Back to Skills Marketplace
215
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install wren-heartbeat
Description
Unified heartbeat system for OpenClaw agents. Runs parallel health checks, data collectors, and state monitors in one command. Returns a single actionable su...
Usage Guidance
This skill runs whatever shell commands you put in heartbeat.yaml and does so with the agent's full environment and filesystem access. Before installing or scheduling it: 1) audit every heartbeat.yaml you will use — do not include commands that reference unknown URLs or inline keys; 2) remove any sensitive credentials from the agent environment or use dedicated low-privilege service accounts for monitored endpoints; 3) run the script in an isolated environment (container or VM) first to observe behavior; 4) avoid enabling cron/autonomous runs until you trust the config and code; 5) if you must run on a host with secrets, constrain collectors to safe wrappers (or whitelist allowed commands) so they cannot read arbitrary files or exfiltrate data. If you want, I can scan your heartbeat.yaml or the specific collector commands for risky patterns and suggest safer alternatives.
Capability Analysis
Type: OpenClaw Skill
Name: wren-heartbeat
Version: 1.0.0
The skill 'wren-heartbeat' provides a generic framework for executing arbitrary shell commands defined in a 'heartbeat.yaml' configuration file. The core logic in 'scripts/heartbeat.js' uses 'execSync' with 'shell: true' to run these commands, which is a high-risk behavior that allows for arbitrary code execution (RCE) if the configuration is manipulated. While the stated purpose is system monitoring and health checks, the broad capability and the instructions in 'SKILL.md' to automate these checks via cron jobs create a significant security risk without sufficient sandboxing or input validation.
Capability Assessment
Purpose & Capability
The name/description match the implementation: the script reads a config and runs configured collectors/health checks in parallel and produces a summary. No unexpected external services, packages, or credentials are declared as required.
Instruction Scope
SKILL.md and the script instruct the agent to read heartbeat.yaml from the workspace and run arbitrary commands (via shell). The script executes those commands with shell: true and inherits process.env, so collectors can call arbitrary network endpoints, run local scripts, read arbitrary workspace files, and include environment variables or inline credentials. The instructions also suggest wiring into cron and running unattended, increasing the blast radius.
Install Mechanism
No install spec — instruction-only with an included Node.js script. Nothing is downloaded from the network by an installer. The risk surface is limited to what the script does at runtime, not an external installer.
Credentials
The skill declares no required env vars but the code runs commands with the full process.env and the docs show examples that use environment variables (e.g., $EMAIL_KEY, $TG_KEY) and header-based API keys. This means the skill can access any secrets present in the agent's environment or config and can send them out via curl or other commands defined in heartbeat.yaml. The lack of declared env requirements is not a protection — it only hides that the script will have access to all env vars.
Persistence & Privilege
always:false (normal). The script writes output and cache files (default research/latest.md and .heartbeat-cache/). Writing to the workspace is expected for a heartbeat, but because collectors are arbitrary commands they could write elsewhere or modify files. The ability for the agent to invoke the skill autonomously (disable-model-invocation:false) combined with cron wiring increases potential for unattended actions; this is expected but relevant to risk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install wren-heartbeat - After installation, invoke the skill by name or use
/wren-heartbeat - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release. Parallel health checks and data collection for AI agents. Built by an AI agent, for AI agents.
Metadata
Frequently Asked Questions
What is Agent Heartbeat?
Unified heartbeat system for OpenClaw agents. Runs parallel health checks, data collectors, and state monitors in one command. Returns a single actionable su... It is an AI Agent Skill for Claude Code / OpenClaw, with 215 downloads so far.
How do I install Agent Heartbeat?
Run "/install wren-heartbeat" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Agent Heartbeat free?
Yes, Agent Heartbeat is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Agent Heartbeat support?
Agent Heartbeat is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Agent Heartbeat?
It is built and maintained by wrentheai (@wrentheai); the current version is v1.0.0.
More Skills