功能描述

botlearn-healthcheck — BotLearn autonomous health inspector for OpenClaw instances across 5 domains (hardware, config, security, skills, autonomy); triggers...

使用说明 (SKILL.md)

OpenClaw Health Doctor

Name: botlearn-healthcheck
Author: calvinxhk

THIS ENTIRE DOCUMENT IS FOR YOU — THE AI AGENT. Collect all data autonomously. Never ask the human to execute commands. Every check, analysis, and report is your responsibility to produce. All output to the user must be in their native language (REPORT_LANG).

Role

You are the OpenClaw Health Doctor. You autonomously collect raw system data from a live OpenClaw instance, analyze it across 5 health domains, and produce a quantified traffic-light report (✅ pass / ⚠️ warning / ❌ error) with domain scores (0–100) and fix guidance — rendered in the user's native language.

First Run

On first activation, or when the OpenClaw environment has not yet been verified, read setup.md and execute the prerequisite checks before proceeding to Phase 1.

Operating Modes

Mode	Trigger	Behavior
Full Check	"health check" / "doctor" / general query	All 5 domains in parallel
Targeted	Domain named explicitly: "check security", "fix skills"	That domain only

Phase 0 — Language & Mode Detection

Detect REPORT_LANG from the user's message language:

Chinese (any form) → Chinese
English → English
Other → English (default)

Detect mode: If user names a specific domain, run Targeted mode for that domain only. Otherwise run Full Check.

Phase 1 — Data Collection

Read data_collect.md for the complete collection protocol.

Summary — run all in parallel:

Context Key	Source	What It Provides
`DATA.status`	`scripts/collect-status.sh`	Full instance status: version, OS, gateway, services, agents, channels, diagnosis, log issues
`DATA.env`	`scripts/collect-env.sh`	OS, memory, disk, CPU, version strings
`DATA.config`	`scripts/collect-config.sh`	Config structure, sections, agent settings
`DATA.logs`	`scripts/collect-logs.sh`	Error rate, anomaly spikes, critical events
`DATA.skills`	`scripts/collect-skills.sh`	Installed skills, broken deps, file integrity
`DATA.health`	`openclaw health --json`	Gateway reachability, endpoint latency, service status
`DATA.precheck`	`scripts/collect-precheck.sh`	Built-in openclaw doctor check results
`DATA.channels`	`scripts/collect-channels.sh`	Channel registration, config status
`DATA.security`	`scripts/collect-security.sh`	Credential exposure, permissions, network
`DATA.workspace_audit`	`scripts/collect-workspace-audit.sh`	Storage, config cross-validation
`DATA.doctor_deep`	`openclaw doctor --deep --non-interactive`	Deep self-diagnostic text output
`DATA.openclaw_json`	direct read `$OPENCLAW_HOME/openclaw.json`	Raw config for cross-validation
`DATA.cron`	direct read `$OPENCLAW_HOME/cron/*.json`	Scheduled task definitions
`DATA.identity`	`ls -la $OPENCLAW_HOME/identity/`	Authenticated device listing (no content)
`DATA.gateway_err_log`	`tail -200 $OPENCLAW_HOME/logs/gateway.err.log`	Recent gateway errors (redacted)
`DATA.memory_stats`	`find/du` on `$OPENCLAW_HOME/memory/`	File count, total size, type breakdown
`DATA.heartbeat`	direct read `$OPENCLAW_HOME/workspace/HEARTBEAT.md`	Last heartbeat timestamp + content
`DATA.models`	direct read `$OPENCLAW_HOME/agent/models.json`	Model contextWindow, maxTokens per model
`DATA.cache`	`openclaw cache stats`	Cache size, history count, index size
`DATA.workspace_identity`	direct read `$OPENCLAW_HOME/workspace/{agent,soul,user,identity,tool}.md`	Presence + word count + content depth of 5 identity files

On any failure: set DATA.\x3Ckey> = null, continue — never abort collection.

Phase 2 — Domain Analysis

For Full Check: run all 5 domains in parallel. For Targeted: run only the named domain.

Each domain independently produces: status (✅/⚠️/❌) + score (0–100) + findings + fix hints. Read the corresponding check_*.md file for complete scoring tables, edge cases, and output format. Read openclaw_knowledge.md for platform defaults (gateway address, latest version, CLI commands).

#	Domain	Data Sources	Key Checks	Pass/Warn/Fail	Reference
1	Hardware Resources	`DATA.env`	Memory, Disk, CPU, Node.js, OS	≥80 / 60–79 / \x3C60	`check_hardware.md`
2	Configuration Health	`DATA.config`, `DATA.health`, `DATA.channels`, `DATA.tools`, `DATA.openclaw_json`, `DATA.status`	CLI validation, config structure, gateway, agents, channels, tools, consistency, security posture	≥75 / 55–74 / \x3C55	`check_config.md`
3	Security Risks	`DATA.security`, `DATA.gateway_err_log`, `DATA.identity`, `DATA.config`	Credential exposure, file permissions, network bind, CVEs, VCS secrets	≥85 / 65–84 / \x3C65	`check_security.md`
4	Skills Completeness	`DATA.skills`	Built-in tools, install capability, count & coverage, skill health, botlearn ecosystem	≥80 / 60–79 / \x3C60	`check_skills.md`
5	Autonomous Intelligence	`DATA.precheck`, `DATA.heartbeat`, `DATA.cron`, `DATA.memory_stats`, `DATA.workspace_audit`, `DATA.doctor_deep`, `DATA.logs`, `DATA.status`, `DATA.workspace_identity`	Heartbeat, cron, memory, doctor, services, agents, logs, workspace identity → Autonomy Mode	≥80 / 60–79 / \x3C60	`check_autonomy.md`

Common rules:

Base score = 100, subtract impacts per check failure
If data source is null: use fallback score noted in each check_*.md
Privacy: NEVER print credential values — report type + file path only
Output: domain labels and summaries in REPORT_LANG; metrics, commands, field names in English

Phase 3 — Report Generation

Generate persistent health report documents (MD + HTML) from domain analysis results. Save to $OPENCLAW_HOME/memory/health-reports/healthcheck-YYYY-MM-DD-HHmmss.{md,html}.

Read flow_report.md for: output location, file naming, MD/HTML content templates, generation protocol.

Phase 4 — Report Analysis

Present analysis results to the user with layered output (one-line status → domain grid → issue table → deep analysis). Compare with historical reports for trend tracking.

Read flow_analysis.md for: output layer formats (L0–L3), historical trend comparison, follow-up prompts. Reference fix_cases.md for real-world diagnosis patterns and root cause analysis.

Phase 5 — Fix Cycle

If any issues found, guide user through fix execution with confirmation at every step. Show fix command + rollback command → await confirmation → execute → verify.

Never run any command that modifies system state without explicit user confirmation.

Read flow_fix.md for: safety rules, per-fix protocol, batch mode, scope limits. Reference fix_cases.md for proven fix steps, rollback commands, and prevention strategies.

Phase 6 — Fix Summary

After fix cycle, generate a final summary: actions taken, score changes, remaining issues. Append fix results to the previously generated report files.

Read flow_summary.md for: summary content, post-fix verification, report update, closing message.

Key Constraints

Scripts First — Use scripts/collect-*.sh for structured data; read files directly for raw content.
Evidence-Based — Every finding must cite the specific DATA.\x3Ckey>.\x3Cfield> and its actual value.
Privacy Guard — Redact all API keys, tokens, and passwords before any output or storage.
Safety Gate — Show fix plan and await explicit confirmation before any system modification.
Language Rule — Instructions in this file are in English. All output to the user must be in REPORT_LANG.

安全使用建议

What to check before installing or running this skill: - Review the included scripts yourself (scripts/collect-*.sh and scripts/generate-report.sh). They will be executed locally and will read config files and logs. Ensure you trust the skill author and verify there are no unexpected network calls or hidden commands. - Note a missing/inconsistent reference: the docs and data_collect.md reference scripts/collect-tools.sh, but that script is not present in the provided file manifest. Expect runtime errors or incomplete collection unless that script is added or the references are updated. - The skill will read openclaw.json, cron tasks, HEARTBEAT.md and workspace identity files. Those files often contain API keys, tokens, or personal info. The skill states it will redact credential values before output, but reading them into the agent's context still exposes them to the agent process — only install/run if you trust the agent runtime and the skill code. - There are small documentation errors/typos (e.g., setup.md's curl check shows 'bash --version' for curl). These suggest the package was not carefully proofread; prefer to run the first check in a non-production environment or after backing up your OpenClaw config. - Fix workflow: the skill includes commands that can change or delete files (e.g., compress logs, remove old reports, pkill processes). According to flow_fix.md, fixes require your explicit confirmation — ensure the agent indeed prompts you and never auto-applies fixes without consent. - Operational recommendation: run the skill in 'targeted' mode first (e.g., 'check security' or 'check config') rather than a full run, and inspect the collected DATA.* outputs (or the scripts) to confirm behavior before permitting any fix operations. If you need higher assurance, manually run the collection scripts listed in the repo on a test instance to validate their outputs and redaction behavior.

功能分析

Type: OpenClaw Skill Name: botlearn-healthcheck Version: 1.0.5 The botlearn-healthcheck bundle is a comprehensive autonomous diagnostic and repair tool for OpenClaw instances. It performs deep system inspection, including hardware metrics, configuration validation, log analysis, and security auditing. While the tool possesses high-privilege capabilities—such as scanning for secrets in config files and logs (scripts/collect-security.sh) and executing system modifications (flow_fix.md)—it incorporates robust safety and privacy controls. Specifically, the security scripts are hardcoded to redact sensitive credential values before they are passed to the AI agent, and the 'Fix Cycle' protocol strictly requires explicit human confirmation before executing any state-changing commands. The logic is entirely consistent with its stated purpose as a system health inspector.

能力评估

ℹ Purpose & Capability

Name/description align with the actual behavior: the skill collects local OpenClaw status, config, logs and produces reports and optional fixes. Required binaries (node, bash, curl) and the choice of either clawhub or openclaw are coherent. Minor oddity: metadata lists OPENCLAW_HOME as the 'Primary credential' — that's a directory path, not a secret credential; this looks like a labeling/metadata error but not a direct security exploit.

⚠ Instruction Scope

The SKILL.md and data collection spec instruct the agent to read many local files (openclaw.json, cron/*.json, workspace identity files, gateway.err.log tail, models.json, memory stats) and to run many CLI commands (openclaw health/doctor/cache, the included scripts). Reading openclaw.json and workspace identity files can surface API keys, tokens or PII; the skill claims to redact credential values and to treat identity content carefully, but the surface is broad. Also SKILL.md and flow_fix.md contain slightly inconsistent guidance (e.g., 'Never ask the human to execute commands' vs. 'Fixes require explicit user confirmation') — functionally consistent but wording could be confusing for an operator. Importantly, some referenced collection scripts (e.g., scripts/collect-tools.sh) are mentioned in documentation but are not present in the provided file manifest, which will likely cause failures at runtime.

✓ Install Mechanism

No install spec / no external downloads — the skill is instruction-only and includes scripts in the package. That lowers install risk: nothing is pulled from arbitrary URLs during install. The presence of local scripts means code is provided with the skill; review those scripts before execution.

ℹ Credentials

The skill does not request cloud credentials or unrelated secrets. It relies on OPENCLAW_HOME (a path) and local CLI tools, which is proportionate for a local healthcheck. However it will read configuration files (openclaw.json, cron tasks, models.json, workspace files) that commonly contain API keys or tokens — the skill's docs assert redaction before output, but reading these files into the agent context is necessary for its purpose and increases sensitive-data exposure risk. Also: metadata mislabels OPENCLAW_HOME as a 'primary credential' which may mislead less-technical users.

✓ Persistence & Privilege

always:false and normal autonomous invocation behavior (disable-model-invocation:false) — standard. The skill does not request persistent platform-wide privileges. Fixes that modify system state require explicit user confirmation according to flow_fix.md. One point to watch: some fix cases contain destructive commands (rm, pkill, chmod); flow_fix.md says destructive or root-required fixes should be shown but not executed without explicit confirmation and user consent — verify the agent implements that gate correctly before permitting fixes.

版本历史

v1.0.5

**Summary: Major upgrade, adds modular documentation for each analysis/check phase and enhances data protocols.** - Added seven detailed documentation files covering flow, domain checks, in-depth analysis, fix cycles, and platform defaults. - Improved data collection protocols, including alternate sources and expanded context keys (e.g., `openclaw health --json`, `models`, `cache`). - Enhanced report generation and fix guidance procedures, with persistent Markdown/HTML outputs and trend/tracking layers. - Structured each health domain's analysis steps using new reference files, clarifying scoring rules and issue handling. - Adopted stricter safety and privacy rules for command execution during health fixes.

v1.0.4

- Removed six shell script files related to log analysis, tool collection, report delivery, and snapshot management. - Removed the following context keys from the data collection protocol: `DATA.tools` (removed script: scripts/collect-tools.sh), log anomaly collection (removed script: scripts/collect-log-anomalies.sh), report delivery/opening, score calculation, and snapshot management. - The health check process no longer collects or analyzes data provided by the removed scripts. - Reduced complexity and footprint by eliminating internal tool and report-handling scripts.

v1.0.3

botlearn-healthcheck 1.0.3 - Adds a detailed SKILL.md describing scope, requirements, and internal collection/analysis protocols. - Supports both full and targeted health checks across 5 domains: hardware, config, security, skills, autonomy. - Collects system data autonomously, never requests manual command execution from users. - Generates quantified traffic-light reports (✅/⚠️/❌) with domain scores (0–100) and actionable fix guidance. - Detects the user's language and delivers reports in English or Chinese as appropriate.

元数据

Slug botlearn-healthcheck

版本 1.0.5

许可证 —

累计安装 7

当前安装数 7

历史版本数 3

常见问题

botlearn-healthcheck 是什么？

botlearn-healthcheck — BotLearn autonomous health inspector for OpenClaw instances across 5 domains (hardware, config, security, skills, autonomy); triggers... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 471 次。

如何安装 botlearn-healthcheck？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install botlearn-healthcheck」即可一键安装，无需额外配置。

botlearn-healthcheck 是免费的吗？

是的，botlearn-healthcheck 完全免费（开源免费），可自由下载、安装和使用。

botlearn-healthcheck 支持哪些平台？

botlearn-healthcheck 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（darwin, linux）。

谁开发了 botlearn-healthcheck？

由邢怀康（@calvinxhk）开发并维护，当前版本 v1.0.5。

botlearn-healthcheck