← 返回 Skills 市场
463
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-claw-guard
功能描述
System-level watchdog for OpenClaw gateway restarts and sub-agent task PIDs. Monitors registered PIDs and optional log/directory freshness. Auto-reverts conf...
安全使用建议
Before installing: 1) Review and confirm you trust the author — this will install a persistent user service and a CLI under your home directory. 2) Understand it will copy/restore your ~/.openclaw/openclaw.json from backups and will run systemctl/launchctl to restart the gateway — that's the intended behavior but is powerful, so ensure backups are what you expect. 3) Notifications include snippets of status/journal output and will be sent through your configured OpenClaw channels — verify that those channels are appropriate to receive potential debug output. 4) The installer requires python3 in PATH; it embeds your current PATH into the service environment. If you have concerns about the exact python binary used, inspect/modify install.sh before running. 5) If you need tighter control, consider installing but not enabling ExecStartPre in the gateway service, or run the daemon manually first to observe behavior. If you want more assurance, review the three script files locally (they are small and self-contained) before running the installer.
功能分析
Type: OpenClaw Skill
Name: openclaw-claw-guard
Version: 1.1.0
The OpenClaw ClawGuard skill is classified as suspicious due to its powerful system-level capabilities and reliance on external components, which introduce potential vulnerabilities. The `scripts/install.sh` script installs a persistent user-level service (systemd/launchd) that runs the `scripts/claw-guard.py` daemon. This daemon performs critical actions such as modifying the `~/.openclaw/openclaw.json` configuration file, restarting the OpenClaw gateway service, and sending notifications via the `openclaw` CLI. The `notify` function in `scripts/claw-guard.py` executes `openclaw message send` with user-controlled `target` and `message` arguments. While `subprocess.run` with a list of arguments mitigates direct shell injection, it relies on the `openclaw` CLI being robust against argument injection. Furthermore, sending gateway status, error logs, or journal entries to a user-defined target (a core feature) poses an information disclosure risk if an untrusted target is specified. These capabilities, while aligned with the stated watchdog purpose, represent significant power that could be exploited if the agent or its inputs are compromised, leading to potential system compromise or data leakage, thus warranting a 'suspicious' classification rather than 'benign' or 'malicious'.
能力评估
Purpose & Capability
The skill is a local watchdog that watches PIDs, log/dir mtimes, and gateway restarts. The files and install script operate entirely in the user's home (~/.openclaw and ~/.local/bin) and interact with the system service manager (systemd user unit or launchd) and the 'openclaw' CLI for notifications — all of which align with the described purpose.
Instruction Scope
The SKILL.md and code limit activity to explicitly registered tasks and gateway restart watches. The daemon reads/writes ~/.openclaw/openclaw.json (backups), reads journalctl / launchctl output, and includes small snippets of status/journal in notification messages. That behavior is coherent with 'why the gateway failed' diagnostics, but it means systemd/journal output and parts of the local openclaw config may be sent out via the configured OpenClaw notification targets — review whether those notifications might leak sensitive information to external channels.
Install Mechanism
No remote downloads or package registry installs; install.sh copies local files into the user's home, creates a CLI wrapper in ~/.local/bin, and registers a per-user systemd or launchd agent. This is low-risk compared to fetching/executing remote archives.
Credentials
The skill requires only Python3 to run and uses the user's OpenClaw config file and workspace. It does not request external credentials or unusual environment variables. Notifications are sent via the local 'openclaw' CLI, so sensitive channel configuration depends on the existing OpenClaw setup (not the skill).
Persistence & Privilege
The installer configures and enables a user-level persistent service (systemd user or launchd) that restarts automatically. always:false in the skill metadata. This is expected for a watchdog, but installing gives the skill a persistent background presence in the user's session until the user removes/stop the service.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-claw-guard - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-claw-guard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Comprehensive SKILL.md: OpenClaw integration guide with ExecStartPre auto-registration, AGENTS.md rules template, end-to-end flow docs, CLI reference table.
v1.0.1
Gateway restart sends to default channel
v1.0.0
Initial release: system-level watchdog for OpenClaw gateway + sub-agent tasks. PID monitoring, log/dir freshness, gateway restart auto-revert. Cross-platform.
元数据
常见问题
ClawGuard 是什么?
System-level watchdog for OpenClaw gateway restarts and sub-agent task PIDs. Monitors registered PIDs and optional log/directory freshness. Auto-reverts conf... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 463 次。
如何安装 ClawGuard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-claw-guard」即可一键安装,无需额外配置。
ClawGuard 是免费的吗?
是的,ClawGuard 完全免费(开源免费),可自由下载、安装和使用。
ClawGuard 支持哪些平台?
ClawGuard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ClawGuard?
由 camopel(@camopel)开发并维护,当前版本 v1.1.0。
推荐 Skills