jonathanjing

ground-control

Author: Jonathan Jing · GitHub ↗ · v0.3.5
cross-platform ✓ Security check passed
Total downloads: 362
Favorites: 0
Current installs: 0
Versions: 10
Install in OpenClaw
/install ground-control
Description
Post-upgrade verification system for OpenClaw. Defines a model/cron/channel ground truth file and a 5-phase automated verification flow (config integrity, AP...
Usage instructions (SKILL.md)

ground-control

Post-upgrade verification for OpenClaw. Keeps your system honest after every upgrade.

🛠️ Installation

1. Ask OpenClaw (Recommended)

Tell OpenClaw: "Install the ground-control skill." The agent will handle the installation and configuration automatically.

2. Manual Installation (CLI)

If you prefer the terminal, run:

clawhub install ground-control

Permissions & Privileges

This skill requires the following OpenClaw capabilities:

  • gateway config.get — read current config (all phases)
  • gateway config.patch — auto-fix config drift (Phase 1 only)
  • cron list / cron update — verify and auto-fix cron jobs (Phase 3)
  • sessions_spawn — smoke test sessions (Phase 2, 4, 5)
  • message send — channel liveness test + summary report (Phase 5)

Auto-fix behavior: Phases 1 and 3 will automatically patch config/cron to match GROUND_TRUTH. Use --dry-run to disable auto-fix and get a report-only run.

Security & Redaction: This skill enforces a Zero-Secret Logging protocol.

  • Immediate Redaction: Sensitive nodes (auth, plugins) are stripped from memory after fetching runtime config.
  • Redacted Drift: Mismatches in sensitive fields are reported as [REDACTED_SENSITIVE_MISMATCH].
  • Functional Validation: API keys are tested through functional calls (Phase 2), never through literal comparison.
  • No Persistence: Literal credentials are never written to memory/ files or messaging channels.
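
An added example, not part of the skill (which ships instructions only): one way to produce a redacted drift report and to audit a report for literal secrets. The node names `auth`/`plugins` and the marker string come from the page; the config layout, key names and values are constructed assumptions.

```python
SENSITIVE_NODES = {"auth", "plugins"}      # node names from the page
MARKER = "[REDACTED_SENSITIVE_MISMATCH]"   # marker string from the page

# Constructed sample data; the key layout and values are hypothetical.
RUNTIME = {"model": {"default": "model-b"},
           "auth": {"provider_x": {"mode": "token",
                                   "api_key": "sk-constructed-000"}},
           "channels": {"ops": "internal-ops"}}
TRUTH = {"model": {"default": "model-a"},
         "auth": {"provider_x": {"mode": "oauth"}},
         "channels": {"ops": "internal-ops"}}

def flatten(node, prefix=""):
    """Yield (dotted_path, value) for every leaf of a nested dict."""
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            yield from flatten(value, path)
        else:
            yield path, value

def is_sensitive(path):
    return path.split(".")[0] in SENSITIVE_NODES

def drift_report(runtime, truth):
    """List mismatches; values under sensitive nodes are never printed."""
    run, exp = dict(flatten(runtime)), dict(flatten(truth))
    lines = []
    for path in sorted(run.keys() | exp.keys()):
        if run.get(path) == exp.get(path):
            continue
        if is_sensitive(path):
            lines.append(f"{path}: {MARKER}")
        else:
            lines.append(f"{path}: expected {exp.get(path)!r}, got {run.get(path)!r}")
    return lines

def leaked_values(runtime, report_text, min_len=8):
    """Audit: sensitive paths whose literal value appears in report_text.
    Values shorter than min_len are skipped to avoid matching common words."""
    return [path for path, value in flatten(runtime)
            if is_sensitive(path) and isinstance(value, str)
            and len(value) >= min_len and value in report_text]

if __name__ == "__main__":
    report = "\n".join(drift_report(RUNTIME, TRUTH))
    print(report)
    print("leaks:", leaked_values(RUNTIME, report))
```

Running `leaked_values` against the text the skill actually wrote to memory/ or the ops channel is the check that matters; `drift_report` only shows what a compliant report looks like.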

Environment variables: None.

When to use

  • After running openclaw update or npm install -g openclaw@latest
  • When you suspect config drift (model changed, cron broken, channel down)
  • Periodic health check via /verify command

Setup

  1. Copy templates/MODEL_GROUND_TRUTH.md to your workspace root
  2. Fill in your actual config values (models, cron jobs, channels)
  3. Add the GROUND_TRUTH sync rule to your AGENTS.md (see README)
  4. Run /verify to test

Files

  • templates/MODEL_GROUND_TRUTH.md — Ground truth template (copy to workspace root)
  • scripts/post-upgrade-verify.md — Agent execution prompt for 5-phase verification
  • scripts/UPGRADE_SOP.md — Upgrade standard operating procedure
Security usage advice
This skill is internally consistent for post-upgrade verification, but it performs powerful changes (gateway config.patch and cron update). Before installing:

  1. Ensure the controlling agent has appropriate, least-privilege permissions
  2. Back up your runtime config
  3. Run the skill in --dry-run / report-only mode first to inspect the drift report and confirm redaction behavior
  4. Confirm the ops channel destination is internal and not an external webhook
  5. Review MODEL_GROUND_TRUTH.md to ensure it contains no secrets or credentials

If you rely on the skill's zero-secret logging, audit its first few runs to verify no secret leakage occurs.
Functional analysis
Type: OpenClaw Skill · Name: ground-control · Version: 0.3.5

The skill is designed for post-upgrade verification and auto-repair of OpenClaw configurations and cron jobs. While it utilizes powerful capabilities like `gateway config.patch` and `cron update`, the skill's design is heavily security-focused. The `SKILL.md` and `scripts/post-upgrade-verify.md` files contain extensive and explicit 'Zero-Secret Logging Protocol' and 'Immediate Redaction' instructions, directing the AI agent to strip sensitive data from memory, avoid logging credentials, and only perform functional validation of API keys via `sessions_spawn`. Auto-fix actions are guarded with dry-run options and human confirmation prompts. The prompt injection surface is used to enforce security boundaries, not to bypass them, and there is no evidence of intentional harmful behavior, data exfiltration, or obfuscation.
Capability assessment
Purpose & Capability
The skill's name/description match what it does: 5-phase verification and optional auto-repair of config and cron. The capabilities it needs (read/patch config, list/update cron, spawn sessions, send messages) are coherent and necessary for those features.
Instruction Scope
All runtime instructions are contained to OpenClaw primitives (gateway, cron, sessions_spawn, message). The skill explicitly instructs the agent to redact sensitive nodes (auth/plugins/credentials) and to never log literal secrets. It reads runtime config and writes a non-sensitive report to memory/ and an ops channel (expected). This is scoped appropriately, but it relies on correct runtime enforcement of the redaction rules — a buggy agent implementation could still leak secrets.
Install Mechanism
Instruction-only skill with no install spec and no downloaded code. Lowest-risk install mechanism.
Credentials
The skill declares no environment variables or external credentials. It uses the platform's existing runtime capabilities to probe provider liveness and channels; this is proportional to its stated purpose.
Persistence & Privilege
The skill can auto-patch runtime config and cron (powerful operations). Auto-fix is bounded by guardrails (dry-run, pause if >3 fields changed, logs before/after). Users should ensure the agent has only necessary permissions and that backups are available before enabling auto-fix.
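How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install ground-control
  3. Once installed, invoke the Skill by name or trigger it with /ground-control
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history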
v0.3.5
Updated version to v0.3.5 with full changelog integration.
v0.3.4
Added simplified installation instructions to SKILL.md for ClawHub display.
v0.3.3
Added simplified installation instructions to README.
v0.3.2
Added Security & Redaction Protocol for zero-secret logging.
v0.3.1
Remove stale curl/env-var references from CHANGELOG and verify script footer, add CHANGELOG v0.3.0 entry, clarify ops channel and memory write scope in Rules section
v0.3.0
Remove all API key/credential handling: Phase 2 now tests LLM providers via sessions_spawn only, no curl, no env vars, no non-LLM provider checks. credentials: none.
v0.2.2
Credential disclosure: added credentials.mode=user-declared in metadata, README Security Model section explaining why env vars are runtime-declared (Terraform analogy), credential handling guardrails table
v0.2.1
Fix credential exfiltration risk: endpoint validation with allowed_domain + HTTPS-only enforcement, explicit env_var naming (no enumeration), skip non-LLM checks when section absent, updated GROUND_TRUTH template with non_llm_providers schema
v0.2.0
Security hardening: explicit permissions/privileges disclosure, Phase 2 curl scope restricted to GROUND_TRUTH-declared providers only (no env enumeration), auto-fix guard rails (dry-run mode, 3-field pause threshold, before/after logging)
v0.1.0
Initial release: 5-phase post-upgrade verification system with auto-repair for config and cron drift
Metadata
Slug ground-control
Version 0.3.5
License
Total installs 0
Current installs 0
Number of past versions 10
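FAQ

What is ground-control?

Post-upgrade verification system for OpenClaw. Defines a model/cron/channel ground truth file and a 5-phase automated verification flow (config integrity, AP... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 362 total downloads to date.

How do I install ground-control?

Run the command "/install ground-control" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is ground-control free?

Yes, ground-control is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does ground-control support?

ground-control runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed ground-control?

Developed and maintained by Jonathan Jing (@jonathanjing); current version v0.3.5.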
