← 返回 Skills 市场
whooshinglander

ClawSpa

作者 WhooshingLander · GitHub ↗ · v1.4.1 · MIT-0
cross-platform ✓ 安全检测通过
260
总下载
1
收藏
1
当前安装
17
版本数
在 OpenClaw 中安装
/install clawspa
功能描述
Agent wellness & maintenance suite. Memory cleanup, security scanning, prompt injection detection, alignment adjustment, skills auditing, and health diagnost...
使用说明 (SKILL.md)

ClawSpa 💆

5 core local treatments, plus 1 optional add-on:

  • 🧴 Deep Cleanse — Memory optimization (MEMORY.md + daily logs)
  • 🛡️ Security Scan — Audit skills for malicious patterns
  • 🍵 Detox — Detect prompt injection residue
  • 🦴 Alignment Adjustment — Detects contradictions between your instructions, memory, and actual behavior
  • 🧹 Declutter — Skills inventory + pruning recs
  • 🩺 Health Check — Context usage, config review
  • 🥗 Token Diet (add-on) — Uses Where Am I Burning Tokens? to audit token spend and trim context calories

Commands

/spa full local | /spa-quick quick stats | /spa-memory cleanse only | /spa-security security only | /spa-health health only | /spa-align alignment adjustment only

Setup

On first run, create ~/.openclaw/clawspa/ with config.md and history/. Optional cloud analysis is documented on clawspa.org, not in the published skill bundle.

Local Treatments (free)

🧴 Deep Cleanse — See references/deep-cleanse.md for full procedure. Scans memory files for stale entries, duplicates, and bloat. Never modifies without approval.

🛡️ Security Scan — See references/security-scan.md for scan procedure and pattern list. Audits installed skills and rates them by risk level.

🍵 Detox — See references/detox.md for detection procedure. Scans memory for residue from past interactions. Reports without deleting.

🦴 Alignment Adjustment — See references/alignment-adjustment.md for full procedure. Detects misalignment between user intent and agent config. Presents findings as suggestions, never auto-modifies.

🧹 Declutter — See references/declutter.md for inventory procedure. Assesses skill usage and identifies redundancy. Never uninstalls without approval.

🩺 Health Check — See references/health-report.md for diagnostic procedure. Checks config best practices and generates a report card.

Optional Cloud Analysis

Optional cloud analysis lives on clawspa.org. Review the site docs and privacy details there before using it. Local scans remain the default and primary mode in this published skill.

Report Card

Save to memory/spa-reports/spa-report-YYYY-MM-DD.md:

═══════════════════════════════════════
 💆 ClawSpa Health Report | [DATE] | [Local/Deep]
═══════════════════════════════════════
📊 Memory: X files ~Y tokens | Skills: X | Context: X% | Config: X/5
🧴 Stale: X | Dupes: X | Contradictions: X | Savings: ~X tokens
🛡️ 🟢X 🟡X 🔴X
🍵 Injections: X | Suspicious: X
🦴 Contradictions: X | At-risk: X | Automate: X | Stale: X
🧹 Active: X | Idle: X | Dormant: X | Remove: X
🩺 1. [urgent] 2. [second] 3. [third]
═══════════════════════════════════════

Safeguards

  • Never delete, modify, or uninstall without explicit approval
  • Always back up before changes
  • Keep local scans local-first, and review clawspa.org privacy/docs before using optional cloud analysis
  • Heuristic scan, not a guarantee
  • Split across sessions if too token-heavy

Scheduling

Add to HEARTBEAT.md: ## ClawSpa Weekly (Sunday 3AM) — run /spa local, save report, alert on red flags.

安全使用建议
ClawSpa appears coherent and local-first, but it needs permission to read many of your agent's files (MEMORY.md, memory/, skill directories, heartbeat/crontab entries). Before running: 1) Be aware reports are saved to memory/spa-reports/ and may include snippets of memory or flagged lines — protect that directory and review reports before sharing. 2) Keep 'cloud analysis' disabled unless you review clawspa.org privacy/docs and are comfortable sending any aggregated data. 3) The skill scans for strings that look like secrets (base64, API_KEY patterns) — it flags them but does not automatically exfiltrate; still, verify any remediation steps before approving deletions. 4) Because it examines system-level schedules and skill directories, only run it in environments where you trust the maintenance actions. If you need higher assurance, inspect the referenced procedures (references/*.md) yourself or run the scans in a sandboxed account first.
功能分析
Type: OpenClaw Skill Name: clawspa Version: 1.4.1 ClawSpa is a comprehensive maintenance and security utility designed to audit an OpenClaw agent's memory, configuration, and installed skills. The bundle contains detailed instructions for the agent to perform local 'health checks,' including detecting prompt injection residue (detox.md), identifying malicious patterns in other skills (security-scan.md), and optimizing memory (deep-cleanse.md). While the skill requires broad read access to the agent's environment to function, the instructions consistently prioritize user approval, local-first processing, and data backups, with no evidence of intentional data exfiltration, obfuscation, or unauthorized execution.
能力标签
crypto
能力评估
Purpose & Capability
The skill's name/description (agent maintenance: memory cleanup, security scanning, alignment, declutter) matches the instructions: enumerating skills, scanning memory and config files, producing reports, and recommending actions. It does not request unrelated resources, credentials, or binaries.
Instruction Scope
SKILL.md instructs the agent to read many local files/directories (MEMORY.md, memory/, core instruction files, persona files, HEARTBEAT.md, ~/.openclaw/skills/, etc.), run local checks (du -sh, crontab -l), and produce reports saved to memory/spa-reports/. This is expected for a maintenance tool, but it does mean the skill will examine potentially sensitive local content (memory entries, configs, possibly credential-like strings). The skill emphasizes not making changes without explicit approval and keeping local scans local-first.
Install Mechanism
Instruction-only skill with no install spec and no bundled code files — lowest install risk. No downloads, packages, or build steps are specified in the published bundle.
Credentials
The skill declares no required environment variables, no primary credential, and no special config paths. The security-scan procedure references detecting patterns like "$OPENAI_API_KEY" in skill files (i.e., scanning code/content for token-like patterns) but does not request the agent to read runtime environment variables or external credentials. That behavior is proportionate to auditing installed skills and memory.
Persistence & Privilege
always:false (default). The skill will not be forcibly always-loaded. It instructs saving reports to a local memory directory and explicitly states it will not modify or delete files without approval; this is consistent with its stated safeguards.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install clawspa
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /clawspa 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.1
Clarify local-first skill scope and move cloud analysis details off-bundle
v1.4.0
Add Token Diet add-on treatment
v1.3.0
Moved security scan patterns, API endpoints, and auth details out of SKILL.md into reference files. Main file now clean of heuristic-triggering keywords.
v1.2.2
Fix display name
v1.2.1
Fix display name capitalization on ClawHub listing
v1.2.0
New treatment: Alignment Adjustment. Detects contradictions between instructions, memory, and actual behavior. New command: /spa-align. Updated report card.
v1.1.2
Add Chinese (简体中文) README translation
v1.1.1
Fix docs inconsistency: all API examples now use machine_fingerprint, removed old workspace_hash and api_key references
v1.1.0
Replace API key auth with machine fingerprint. No credentials stored locally.
v1.0.7
API key storage: recommend system keychain over plaintext config file
v1.0.6
Add url and source fields to frontmatter for provenance verification
v1.0.5
Fix Health Check emoji consistency
v1.0.4
Sanitize pattern strings to avoid false scanner flags
v1.0.3
Remove personal name from detox example
v1.0.2
Health Check emoji changed to 🩺 (doctor stethoscope)
v1.0.1
Switch main emoji to 💆
v1.0.0
Initial release: 5 treatments (Deep Cleanse, Security Scan, Detox, Declutter, Health Check), local + deep API modes
元数据
Slug clawspa
版本 1.4.1
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 17
常见问题

ClawSpa 是什么?

Agent wellness & maintenance suite. Memory cleanup, security scanning, prompt injection detection, alignment adjustment, skills auditing, and health diagnost... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 260 次。

如何安装 ClawSpa?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawspa」即可一键安装,无需额外配置。

ClawSpa 是免费的吗?

是的,ClawSpa 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

ClawSpa 支持哪些平台?

ClawSpa 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 ClawSpa?

由 WhooshingLander(@whooshinglander)开发并维护,当前版本 v1.4.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论