功能描述

OpenClaw operations management center v3 with multilingual support, intelligent descriptions, automatic git-based snapshots, and one-click rollback. Every op...

使用说明 (SKILL.md)

Claw Operations Manager

Name: Claw Operations Manager
Author: a3273283

Complete operational oversight and security control for OpenClaw.

Quick Start

# 1. Initialize the audit system
python3 scripts/init.py

# 2. Start the web dashboard v3 (multilingual)
python3 scripts/server_v3.py
# Visit http://localhost:8080
# Switch language with 🌐 button (EN/ZH/JA/ES/FR/DE)

# 3. Use automatic auditing with snapshots
python3 \x3C\x3C 'EOF'
import sys
sys.path.insert(0, ".")
from scripts.audited_ops import audited_exec

# All commands automatically described + snapshotted
audited_exec("rm important.txt")  # EN: "Deleted ~/Desktop/important.txt"
                                 # ZH: "删除了 ~/Desktop/important.txt"
                                 # JA: "~/Desktop/important.txt を削除しました"

# Rollback anytime from the web UI!
EOF

New in v3.0:

🌐 Multilingual Support - 6 languages: EN, ZH, JA, ES, FR, DE
📝 Intelligent Descriptions - Commands → Human language (auto-translated)
📸 Auto-Snapshots - Git-based snapshots before every operation
🔄 1-Click Rollback - Instant recovery from web UI
🎨 Modern Dashboard - Language switcher, real-time stats

Core Capabilities

1. Operation Audit Logging

Automatic logging of all OpenClaw operations:

Tool calls (exec, read, write, browser, etc.)
Parameters and results
Success/failure status
Execution duration
File changes linked to operations

Usage:

from logger import OperationLogger

logger = OperationLogger()
op_id = logger.log_operation(
    tool_name="exec",
    action="run_command",
    parameters={"command": "ls -la"},
    success=True,
    duration_ms=150
)

2. Permission Management

Define access control rules:

# Check if operation is allowed
allowed, rule = logger.check_permission(
    tool_name="exec",
    action="run_command",
    path="/etc/ssh/sshd_config"
)

if not allowed:
    raise PermissionError(f"Blocked by rule: {rule}")

Default protected paths:

/etc/ssh
/etc/sudoers
~/.ssh
/usr/bin
/usr/sbin

Add custom rules:

INSERT INTO permission_rules (rule_name, tool_pattern, action_pattern, path_pattern, allowed, priority)
VALUES ('protect-my-data', 'write|edit', '*', '/data/*', False, 100);

3. Visual Dashboard

Complete web-based management interface - no command line required!

Features:

Operation Browser: View, search, and filter all operations by type, time, status
Permission Manager: Add, edit, and delete access control rules
Snapshot Manager: Create, compare, and restore system snapshots
Alert Center: View and resolve security alerts
Real-time Statistics: Live dashboard with auto-refresh

Access: http://localhost:8080

All operations can be performed through the graphical interface - no need for command-line tools!

4. File System Monitoring

Monitor protected paths for changes:

python scripts/monitor.py ~/.ssh /etc/ssh /var/log

Tracks:

File modifications
Creations and deletions
Move operations
Hash-based change detection

5. Snapshots & Rollback

Create system state snapshots:

# Create snapshot
python scripts/rollback.py create "before-change" "Snapshot before making changes"

# List snapshots
python scripts/rollback.py list

# Compare snapshots
python scripts/rollback.py compare 1 2

# Restore (dry-run first)
python scripts/rollback.py restore 1 --dry-run

Limitations:

Rollback requires integration with backup system (git, restic, rsync)
Current implementation captures metadata and hashes only
For full restore, integrate with version control or backup tools

Database Schema

Located at: ~/.openclaw/audit.db

Tables:

operations - All tool calls and actions
file_changes - File modifications linked to operations
snapshots - System state snapshots
permission_rules - Access control rules
audit_alerts - Security and compliance alerts

Configuration

Config file: ~/.openclaw/audit-config.json

Key settings:

{
  "retention_days": 90,
  "protected_paths": ["/etc/ssh", "~/.ssh"],
  "snapshots_enabled": true,
  "auto_snapshot_interval_hours": 24,
  "web_ui": {
    "enabled": true,
    "port": 8080
  }
}

API Endpoints

Statistics:

GET /api/stats - Overview statistics

Operations:

GET /api/operations?limit=50&tool=exec - List operations
GET /api/operations/\x3Cid> - Operation details

Alerts:

GET /api/alerts?resolved=false - List alerts
POST /api/alerts/\x3Cid>/resolve - Mark as resolved

Snapshots:

GET /api/snapshots - List all snapshots
POST /api/snapshots - Create new snapshot

Permissions:

GET /api/permissions/rules - List all rules
POST /api/permissions/check - Check operation permission

Security Best Practices

Protect the database:
```
chmod 600 ~/.openclaw/audit.db
```
Review alerts regularly:
- Check dashboard daily
- Investigate high-severity alerts
- Document resolutions
Schedule automatic snapshots:
- Before system updates
- Before major configuration changes
- On a regular schedule (daily/weekly)
Set up retention policy:
- Archive old logs
- Purge records older than retention_days
- Export for compliance reporting

Troubleshooting

Dashboard not loading:

Check if port 8080 is available
Verify Flask is installed: pip install flask watchdog plotly
Check server logs for errors

File monitor not working:

Ensure paths exist and are accessible
Check watchdog installation: pip install watchdog
Verify path permissions

Permission check failing:

Review rules in database: SELECT * FROM permission_rules;
Check rule priorities (higher = more important)
Verify pattern syntax (use fnmatch wildcards)

Integration Examples

Wrap OpenClaw tool calls:

from logger import OperationLogger

logger = OperationLogger()

def safe_exec(command):
    # Check permission
    allowed, rule = logger.check_permission("exec", "run_command", path=None)
    if not allowed:
        raise PermissionError(f"Blocked: {rule}")

    # Log operation
    op_id = logger.log_operation(
        tool_name="exec",
        action="run_command",
        parameters={"command": command}
    )

    # Execute
    try:
        result = subprocess.run(command, shell=True, capture_output=True)
        logger.log_operation_result(op_id, result, success=True)
        return result
    except Exception as e:
        logger.log_operation_result(op_id, None, success=False)
        raise

Advanced Features

Create audit alerts:

logger.create_alert(
    operation_id=op_id,
    alert_type="security",
    severity="high",
    message="Attempted modification of protected file"
)

Get operation statistics:

stats = logger.get_statistics()
print(f"Total: {stats['total_operations']}")
print(f"Success rate: {stats['success_rate']:.2%}")
print(f"Unresolved alerts: {stats['unresolved_alerts']}")

Export data for analysis:

import sqlite3
import pandas as pd

conn = sqlite3.connect("~/.openclaw/audit.db")
df = pd.read_sql_query("SELECT * FROM operations", conn)
df.to_csv("audit_export.csv", index=False)

Dependencies

pip install flask watchdog plotly

For full functionality:

Flask (web UI)
watchdog (file monitoring)
plotly (charts)
sqlite3 (included in Python stdlib)

Notes

Database is created automatically on first run
Web UI runs on port 8080 by default
File monitoring requires write permissions to watched directories
Snapshots store metadata only (not full file contents)
For production use, consider external backup integration

安全使用建议

What to consider before installing or enabling this skill: - The skill includes code that, if you follow its integration steps, will capture and log essentially all tool calls and filesystem changes. This is consistent with an audit tool, but it also means it can see sensitive data (files, command arguments, keys in ~/.ssh, etc.). Only enable monitoring of sensitive paths after reviewing the code. - Metadata omissions: the package metadata claims no required binaries or config paths but the README and scripts expect git, Python, and a workspace under ~/.openclaw (audit.db, snapshots). Verify presence of git and sqlite and be aware the skill will create repositories and a DB in your home directory. - Don't apply global changes immediately. In particular: - Do not add the suggested shell alias to your global shell rc files until you've reviewed audit_wrapper.sh and tested it in a safe environment. - Avoid modifying OpenClaw core execution flow until you've audited the integration code (scripts/auto_audit.py, scripts/audited_ops.py) to ensure it only logs locally and does not transmit data externally. - Inspect network usage: grep the code for outbound network operations (requests, urllib, socket, subprocess calls to curl/wget) and any hard-coded remote endpoints before running the server. If the web UI binds only to localhost that reduces remote exposure, but double-check server code for host/port and CORS or callbacks. - Review data storage and protections: the skill stores audit.db and snapshots under ~/.openclaw. Ensure you understand retention, access controls, and encryption (it recommends chmod 600 for audit.db). Consider placing the workspace in a sandbox/container or on a test machine first. - Test in a sandbox: run the code inside a disposable VM or container, exercise audit and rollback flows, and verify that restores behave as documented and that no data leaves the machine. - If you lack time/expertise: ask for a short code review focusing on server_*.py, audited_ops.py, audit_wrapper.sh, setup_auto_audit.sh, snapshot.py, and any code that handles network I/O or subprocess execution. If those files are audited and acceptable, follow the recommended least-privilege steps: limit monitored paths, avoid auto-integration, and lock down the web UI to localhost with authentication. If you want, I can (a) list the specific files you should inspect first, (b) search the tree for network calls and subprocess exec patterns, or (c) help craft safer integration steps (e.g., run in container, limit paths, enable auth).

功能分析

Type: OpenClaw Skill Name: claw-ops-manager Version: 3.0.0 The bundle implements an 'Operations Manager' for auditing and rollbacks but contains several high-risk behaviors and vulnerabilities. Specifically, `scripts/audit_wrapper.sh` uses `eval` to execute commands, and `scripts/audited_ops.py` utilizes `subprocess.run` with `shell=True`, both of which create significant command injection surfaces. Additionally, `scripts/setup_auto_audit.sh` modifies the user's shell configuration (`.zshrc`) to persist aliases, and the included web servers (e.g., `scripts/server_v3.py`) bind to `0.0.0.0` with `debug=True` enabled, which could allow unauthorized remote access or code execution via the Flask debugger. While these features align with the tool's stated purpose of operational oversight, the lack of input sanitization and insecure default configurations are highly risky.

能力评估

ℹ Purpose & Capability

The name/description (audit, snapshots, rollback, web UI) matches the included scripts and docs: many Python scripts for auditing, snapshot/git management, rollback, and a web dashboard are present. However the registry metadata claims no required binaries or config paths while the runtime docs and code clearly expect/use git, sqlite and a persistent workspace under ~/.openclaw (database, snapshots, web server). That metadata omission is inconsistent and should be treated as an integrity issue.

⚠ Instruction Scope

SKILL.md and INTEGRATION.md instruct the user to: run scripts/init.py and server_v3.py, create shell aliases (audit_wrapper.sh) that wrap arbitrary shell commands, and integrate wrappers into OpenClaw's tool execution to capture 'all tool calls (exec, read, write, browser, etc.)'. Those instructions will cause the skill to observe and record essentially every operation the agent/user performs (including command parameters and file contents implied by file-change tracking). The skill also defaults to monitoring sensitive paths (e.g., ~/.ssh, /etc/ssh). Capturing and storing such broad data is coherent with an audit tool but is high-risk: review the code that implements capture, storage, and any external network operations before enabling automatic integration.

ℹ Install Mechanism

There is no install spec (instruction-only), yet the package contains 15+ executable scripts and web templates. That means files are bundled but nothing is automatically installed — the user is expected to run them. This is lower automatic-execution risk, but because code exists and runtime instructions ask you to run/ integrate them, you should inspect the code. Also SKILL.md references git/restic/rsync for full restores but the package metadata did not declare git as required.

⚠ Credentials

The skill declares no required environment variables or credentials, which is good, but it creates and uses persistent artifacts under the user's home (~/.openclaw: audit.db, snapshots) and suggests monitoring extremely sensitive paths including ~/.ssh and /etc/ssh. The skill will therefore have access to secrets/configuration stored on disk if the user enables monitoring/integration. The metadata omission of required config paths (it uses ~/.openclaw) and required binaries (git) is inconsistent and increases risk because the platform's gating logic may not surface these needs to users.

ℹ Persistence & Privilege

always:false and model invocation is allowed (default). The skill does not request forced inclusion, but the instructions recommend persistent changes to the environment (shell aliases, integration into OpenClaw's execution flow, and running a background web server). Those are user-driven persistence steps — not automatic — but they materially increase the blast radius if enabled. Exercise caution before making the integration changes permanent.

版本历史

v3.0.0

🌐 Major Release v3.0: Multilingual Global Support. Now supports 6 languages (English, Chinese, Japanese, Spanish, French, German) with intelligent auto-translation. Features: (1) Language switcher in web UI, (2) Auto-translated operation descriptions for all languages, (3) Multilingual dashboard and interface, (4) Same powerful snapshot and rollback features, (5) Ready for global teams. Perfect for international users requiring native-language operation logs.

v2.0.0

🎉 Major Release v2.0: Intelligent Chinese descriptions, automatic git-based snapshots, one-click rollback. Every operation is now automatically described in friendly Chinese and snapshotted for instant recovery.

v1.1.0

Major update: Complete web-based management interface with graphical operation browser, permission manager, snapshot controls, and alert center. All operations now accessible through modern UI without command line.

v1.0.0

Initial release - Complete audit logging, permission management, visual dashboard, file monitoring, and snapshot/rollback capabilities for OpenClaw

元数据

Slug claw-ops-manager

版本 3.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题