← 返回 Skills 市场
Custodian
作者
Indigo Karasu
· GitHub ↗
· v1.0.0
· MIT-0
93
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ocas-custodian
功能描述
Autonomously monitors OpenClaw system health, fixes log errors, initializes skills, registers tasks, and performs overnight maintenance to surface unresolved...
安全使用建议
Custodian's behavior is internally consistent with a system-maintenance role, but it performs high-impact operations: it will read gateway logs and many skill data dirs, edit cron entries, create/rotate JSONL files, and can generate gateway tokens or refresh OAuth. Before installing: (1) verify you trust the source repository (the SKILL.md references a GitHub repo); (2) back up your cron/jobs.json, gateway config, and any critical skill data; (3) run the skill manually (custodian.scan.light / custodian.scan.deep) in a controlled environment to review proposed fixes rather than allowing full autonomous repair; (4) inspect references/known_issues.json and custodian-repair.plan to confirm auto-fix commands are acceptable for your environment; (5) consider disabling autonomous invocation until satisfied, and ensure downstream collaborator skills (Sift, Vesper, Mentor) are also trustworthy. If you want a stricter assessment, provide the actual openclaw binary implementations for 'openclaw doctor/cron' or logs showing how tokens are stored/used — that would raise confidence to high.
功能分析
Type: OpenClaw Skill
Name: ocas-custodian
Version: 1.0.0
The ocas-custodian skill is classified as suspicious due to its high-privilege administrative capabilities, including the ability to modify cron jobs, generate gateway authentication tokens, and execute shell commands for autonomous repairs (SKILL.md, known_issues.json). While these functions support its stated purpose of system maintenance, the broad control over the environment and the potential for shell injection via log-based triggers pose a security risk. Furthermore, the inclusion of a self-update mechanism and a web-search-based learning protocol (README.md) introduces additional supply chain and prompt-injection vectors.
能力评估
Purpose & Capability
Name/description (custodian that monitors logs, cron, skill data and performs Tier 1 fixes) aligns with the instructions and bundled artifacts. It reads/writes OCAS data dirs, skill journals, gateway logs, and edits cron entries and JSONL state files — all expected for a maintenance/repair agent. It does not request unrelated credentials or external services in the registry metadata.
Instruction Scope
SKILL.md explicitly instructs reading many system paths (~/.openclaw, /tmp/openclaw, skill data dirs), tailing logs, editing cron entries, creating directories, rotating JSONL files, running `openclaw doctor`, generating gateway tokens, and performing OAuth refreshes. These actions are coherent with maintenance duties but are high-impact (can change scheduling, create tokens, refresh auth). The skill also has a 'web search pass' and coordinates with other skills (Sift, Vesper, Mentor) which can trigger external network queries. No instructions direct data to unknown remote endpoints or request secrets, but the breadth of file/system access is significant and should be authorized deliberately.
Install Mechanism
This is instruction-only with no install spec or code files to execute; that is the lowest-risk install model. SKILL.md contains an 'install' hint referencing a GitHub repo, but the registry package itself contains the necessary docs and references; no archive downloads or executables are included here.
Credentials
The skill declares no required environment variables or credentials (primary credential: none). However, runtime actions (OAuth refresh, generating gateway token via `openclaw doctor`) will affect authentication state and may rely on existing system tokens/config. It does not explicitly request external credentials, which is proportionate, but the agent will touch authentication artifacts that deserve review because logs or files it reads could contain tokens.
Persistence & Privilege
Flags are default (not always:true) and model invocation is allowed (normal). Custodian is expected to register cron/heartbeat jobs and write into its own data directories; it will also edit the global cron registry and potentially generate gateway/OAuth tokens. Those are normal for a system caretaker, but they are privileged operations — consider whether you want autonomous invocation or prefer manual runs until you trust behavior.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ocas-custodian - 安装完成后,直接呼叫该 Skill 的名称或使用
/ocas-custodian触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of ocas-custodian skill.
- Provides automated detection, classification, and repair of OpenClaw operational failures during quiet hours.
- Supports system health checks, log error fixes, cron failure reviews, skill initialization, and overnight maintenance tasks.
- Includes both light (fast, heartbeat-driven) and deep (comprehensive, cron-scheduled) scan routines.
- Defines strict boundaries and fix safety constraints—never modifies skill packages or user data/settings.
- Integrates optionally with Vesper (insight proposals), Mentor (escalations), and Corvus (activity modeling).
- Offers a command set for scanning, repair, issue management, schedule optimization, and self-updating.
元数据
常见问题
Custodian 是什么?
Autonomously monitors OpenClaw system health, fixes log errors, initializes skills, registers tasks, and performs overnight maintenance to surface unresolved... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 93 次。
如何安装 Custodian?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ocas-custodian」即可一键安装,无需额外配置。
Custodian 是免费的吗?
是的,Custodian 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Custodian 支持哪些平台?
Custodian 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Custodian?
由 Indigo Karasu(@indigokarasu)开发并维护,当前版本 v1.0.0。
推荐 Skills