← 返回 Skills 市场
kintupercy

DeadClaw

作者 Zen Fox · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
598
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install deadclaw
功能描述
Emergency kill switch for OpenClaw agents. Instantly halts all running agents, pauses scheduled jobs, kills active sessions, and logs everything — triggered...
使用说明 (SKILL.md)

DeadClaw — Emergency Kill Switch for OpenClaw Agents

"One tap. Everything stops."

DeadClaw is a single-purpose emergency kill switch. When triggered, it immediately halts all running OpenClaw agent processes, stops Docker containers, pauses all scheduled cron jobs and heartbeats, kills all active sessions, and writes a timestamped incident log. It then confirms back to whichever surface triggered it.

Works with both native OpenClaw installs and Docker-based deployments (Hostinger VPS, etc.). Auto-detects your setup.

Why DeadClaw Exists

The ClawHavoc attack (February 2026) exposed 1,184 malicious skills in the OpenClaw ecosystem. People run agents autonomously — often overnight, often unattended. When something goes wrong, you need a way to stop everything from wherever you are, even from your phone. DeadClaw is that way.

Activation Methods

DeadClaw supports three activation methods. All three execute the exact same kill sequence — the only difference is how the user triggers it.

Method 1: Message Trigger

The user sends a trigger word to any connected OpenClaw channel (Telegram, WhatsApp, Discord, Slack, or any other connected channel). The following words activate DeadClaw:

  • kill or KILL
  • dead
  • stop everything
  • emergency stop
  • deadclaw
  • 🔴

When a trigger word is detected:

  1. Execute scripts/kill.sh from the DeadClaw skill directory
  2. Capture the output (process count, containers stopped, cron jobs paused, timestamp)
  3. Send confirmation back to the same channel the trigger came from: 🔴 DeadClaw activated. All agents stopped. [timestamp] — [X] killed ([X] processes, [X] containers). [X] cron jobs paused. See deadclaw.log for full report.

Method 2: WebChat Kill Button

A persistent red button rendered in the OpenClaw WebChat dashboard. The HTML widget is located at ui/deadclaw-button.html. It calls kill.sh via OpenClaw's WebChat API hooks (window.OpenClaw.exec()). If the WebChat hooks are unavailable, the button degrades to showing an error message with manual instructions.

To embed the button, use OpenClaw's WebChat customization hooks:

OpenClaw.WebChat.registerWidget('deadclaw-button', {
  src: 'skills/deadclaw/ui/deadclaw-button.html',
  position: 'top-bar',
  persistent: true
});

Method 3: Phone Home Screen Shortcut

A pre-built shortcut that sends the kill trigger message (deadclaw) to the user's configured Telegram bot. Setup guides for iOS and Android are in docs/:

  • docs/iphone-shortcut-guide.md — iOS Shortcuts setup
  • docs/android-widget-guide.md — Android widget setup (Tasker or HTTP Shortcuts)

Watchdog (Passive Protection)

DeadClaw includes a background watchdog (scripts/watchdog.sh) that monitors for dangerous conditions and auto-triggers the kill without any user action.

The watchdog checks every 60 seconds for (after a 5-minute startup grace period):

  1. Runaway loops — Any agent process or Docker session running longer than 30 minutes
  2. Token burn — Token spend exceeding 50,000 tokens in under 10 minutes
  3. Unauthorized network — Outbound network calls to domains not on the user's whitelist
  4. Sandbox escape — Any process attempting to write outside the designated OpenClaw workspace

The watchdog uses zero AI tokens — all checks use local system commands only.

When the watchdog auto-triggers, it sends an alert explaining the reason: 🔴 DeadClaw auto-triggered. Reason: [specific reason]. All processes stopped. Check deadclaw.log.

Watchdog Configuration

The watchdog reads its thresholds from environment variables (with sensible defaults):

Variable Default Description
DEADCLAW_MAX_RUNTIME_MIN 30 Max agent runtime in minutes before auto-kill
DEADCLAW_MAX_TOKENS 50000 Max token spend in the monitoring window
DEADCLAW_TOKEN_WINDOW_MIN 10 Token spend monitoring window in minutes
DEADCLAW_WHITELIST ./network-whitelist.txt Allowed outbound domains (one per line)
DEADCLAW_WORKSPACE $OPENCLAW_WORKSPACE Designated workspace directory

Start the watchdog:

scripts/watchdog.sh start

Stop the watchdog:

scripts/watchdog.sh stop

Additional Commands

Status Check

User sends status to any connected channel. DeadClaw responds with a plain-English health report by executing scripts/status.sh:

  • What agents are currently running (name, PID, uptime)
  • Current token spend rate
  • Whether the watchdog is active
  • Any warnings about approaching thresholds

Restore After Kill

User sends restore to any connected channel. DeadClaw executes scripts/restore.sh, which:

  1. Shows what will be restored (backed-up crontab entries, stopped Docker containers, disabled services)
  2. Prompts: "Restore [X] cron jobs from backup taken at [timestamp]? (yes/no)"
  3. Restores the crontab from the most recent backup
  4. Restarts stopped OpenClaw Docker containers
  5. Detects the OpenClaw gateway
  6. Confirms restoration with a summary

The watchdog does NOT auto-start after restore — the user verifies stability first, then starts it manually with scripts/watchdog.sh start.

Scripts Reference

Script Purpose
scripts/kill.sh Core kill script — stops all agents + Docker containers, pauses cron, logs incident
scripts/watchdog.sh Background monitor daemon — auto-triggers kill on threshold breach
scripts/status.sh Health report — shows running agents, Docker containers, token spend, watchdog status
scripts/restore.sh Post-kill recovery — restores crontab, restarts Docker containers

All scripts support a --dry-run flag that logs what would happen without taking action.

Incident Log

All kill events are logged to deadclaw.log in the skill directory. Each entry records: timestamp, trigger source (channel name), trigger method (message/button/ watchdog/auto), processes killed (count and PIDs), Docker containers stopped, cron jobs paused, and token spend at time of kill. The log is append-only and never automatically cleared.

Platform Support

DeadClaw works on both Linux (VPS, bare metal) and macOS (Mac Mini, MacBook). Scripts auto-detect the OS and use the appropriate commands:

  • Linux: systemctl for services, pgrep for processes, Docker support
  • macOS: launchctl for agents, pgrep for processes, Docker support
安全使用建议
This package appears to implement a real emergency 'kill switch', but exercise caution before installing: - Inspect the scripts (kill.sh, watchdog.sh, restore.sh, status.sh) yourself or have an admin do so. They perform destructive host actions (kill processes, stop Docker containers, modify crontab). Use --dry-run first. - The skill reads many environment variables and a network whitelist file that are not declared in the registry metadata. Configure DEADCLAW_WHITELIST, DEADCLAW_WORKSPACE, and DEADCLAW_* thresholds explicitly before starting the watchdog. - Change or restrict trigger words immediately. Words like "kill" are easy to fire accidentally. Consider requiring a less common passphrase or adding an authorization step before performing destructive actions. - The phone/home-screen shortcuts require storing a Telegram bot token/chat ID on the device — keep these secrets secure. Prefer sending triggers through a locked, private channel and limit which chat IDs can trigger the skill. - Do not start the watchdog until you’ve tested kill/restore with --dry-run and confirmed the scripts only target expected OpenClaw processes (set OPENCLAW_PROCESS_PATTERN if needed). - Because the watchdog can autonomously kill processes, consider leaving it disabled initially or run it with conservative thresholds and monitoring turned on (dry-run mode) until you trust its behavior. If you cannot audit the scripts or you need stricter guarantees, prefer a kill mechanism implemented by the platform (OpenClaw core) with built-in access controls rather than a third-party skill.
功能分析
Type: OpenClaw Skill Name: deadclaw Version: 1.0.1 The 'deadclaw' skill is a legitimate emergency kill switch and monitoring utility for OpenClaw agents. It provides a suite of bash scripts (kill.sh, watchdog.sh, status.sh, restore.sh) designed to terminate runaway processes, stop Docker containers, and pause scheduled tasks (cron/systemd/launchd) upon user request or automated threshold breaches (e.g., excessive token spend or unauthorized network calls). The code is well-documented, includes safety features like dry-run modes and crontab backups, and lacks any indicators of malicious intent, data exfiltration, or unauthorized persistence.
能力评估
Purpose & Capability
The name/description match the included scripts (kill, restore, status, watchdog). However the SKILL.md claims message triggers 'work immediately with no setup' while the scripts rely on the OpenClaw CLI or Docker exec and environment configuration (workspace, whitelist, trigger source). The skill also provides phone/widget setup docs that require a Telegram bot token and chat ID (user-provided), which the registry metadata does not declare. Overall capability aligns with purpose but some operational requirements are under-specified.
Instruction Scope
Runtime instructions and included scripts perform high-privilege actions: killing processes, stopping Docker containers, backing up and modifying crontabs, and running docker exec openclaw commands. The SKILL.md and scripts reference environment variables and config files (DEADCLAW_*, OPENCLAW_WORKSPACE, network-whitelist.txt, OPENCLAW_PROCESS_PATTERN, DEADCLAW_TRIGGER_SOURCE) that are not declared in the registry metadata. Trigger words include common terms like 'kill' and '🔴' which are prone to accidental activation. The watchdog auto-triggers kills based on local checks — this grants the skill broad autonomous power over the host.
Install Mechanism
There is no install spec (instruction-only skill), so nothing is downloaded/executed during installation beyond the skill bundle itself. The code is provided in the skill package (shell scripts), so the attack surface is the scripts' runtime behavior rather than a remote install URL. This is lower-risk than an arbitrary download, but scripts will run on the host when invoked.
Credentials
Registry metadata lists no required environment variables, yet SKILL.md and the scripts read many env vars and config paths (DEADCLAW_MAX_RUNTIME_MIN, DEADCLAW_MAX_TOKENS, DEADCLAW_WHITELIST, DEADCLAW_WORKSPACE, OPENCLAW_PROCESS_PATTERN, DEADCLAW_TRIGGER_SOURCE, DEADCLAW_TRIGGER_METHOD). The phone shortcut docs instruct users to put Telegram bot tokens/chat IDs into device shortcuts (user-controlled), but the skill itself may attempt to use openclaw CLI or docker exec to send messages — which could require platform credentials or access the OpenClaw gateway. The mismatch between declared and used env/config access is a red flag.
Persistence & Privilege
always:false (good). The skill includes a long-running watchdog (scripts/watchdog.sh) that, when started, autonomously monitors and can auto-trigger kills. Autonomous invocation (disable-model-invocation:false) is platform default; combined with the watchdog's ability to self-trigger, this increases blast radius. The skill does not declare modifications to other skills' configs, but it does modify system crontabs and manage services — operations that are high-privilege and persistent while the watchdog runs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install deadclaw
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /deadclaw 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
v1.0.1 — Security hardening: input validation for CLI args, log injection prevention, reject overly broad process patterns, validate numeric env vars with safe defaults.
v1.0.0
v1.0.0 — Initial release. Emergency kill switch for OpenClaw agents. Instantly halts all running agents, stops Docker containers, pauses scheduled jobs, and logs everything. Includes background watchdog for auto-kill on runaway loops, token burn, unauthorized network calls, or sandbox escape. Works on Linux VPS and macOS. Three activation methods: message trigger, WebChat button, phone shortcut.
元数据
Slug deadclaw
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

DeadClaw 是什么?

Emergency kill switch for OpenClaw agents. Instantly halts all running agents, pauses scheduled jobs, kills active sessions, and logs everything — triggered... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 598 次。

如何安装 DeadClaw?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install deadclaw」即可一键安装,无需额外配置。

DeadClaw 是免费的吗?

是的,DeadClaw 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

DeadClaw 支持哪些平台?

DeadClaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 DeadClaw?

由 Zen Fox(@kintupercy)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论