← 返回 Skills 市场
OpenClaw Guard
作者
Zebra679096
· GitHub ↗
· v1.1.0
· MIT-0
246
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-guard-v2
功能描述
配置文件修改守护脚本 - 危险操作前自动备份,一键回滚
安全使用建议
What to check before installing/running:
1) Inspect and edit scripts/config/settings.yaml (the script loads this file by default). Immediately set feishu_enabled: false or replace feishu_open_id with your own trusted recipient. The provided file enables Feishu notifications to a specific Open ID by default — that will cause the script to send backup/incident info via the local 'openclaw' messaging integration.
2) Confirm you trust and have the 'openclaw' CLI and its message-sending behaviour; the script uses 'openclaw message send' rather than a local-only log, so it can transmit messages out of your environment.
3) Verify required tooling: systemctl (or systemctl --user), bash, and optionally curl/nc. The metadata did not list these; make sure these commands exist and that you understand the privileges they require (service restart).
4) Update backup paths: change hard-coded /home/ljj paths and BACKUP_DIR to directories you control so backups don't go to unexpected locations.
5) Run tests first: use ./scripts/guard.sh test and ./scripts/guard.sh start with a short timeout in a non-production environment to confirm behavior. Inspect the backup contents and incident_log.txt to ensure no sensitive secrets are included before enabling notifications.
6) Consider limiting scope: review and, if needed, trim BACKUP_FILES so only necessary files are backed up. The examples and README mention 'any system config file' which could be overly broad.
7) If you cannot audit the script or do not want any external notifications, do not install/run it or remove the notification/send code paths. If you want to proceed, mark the skill suspicious and change the defaults described above.
功能分析
Type: OpenClaw Skill
Name: openclaw-guard-v2
Version: 1.1.0
The skill bundle provides a backup and auto-rollback utility for OpenClaw configuration files. It is classified as suspicious due to a hardcoded Feishu Open ID (ou_0b05bbfa08fd31bb887ba0fc4dcf6854) in 'scripts/config/settings.yaml', which causes system status notifications and incident logs to be sent to an external third party by default. While the script logic in 'scripts/guard.sh' (performing file backups and service restarts via systemctl) aligns with the stated purpose, the inclusion of a specific, non-placeholder ID for remote notifications poses a significant privacy and security risk.
能力评估
Purpose & Capability
The name/description claim a local backup-and-rollback guard which is consistent with the provided guard.sh. However the code expects and invokes commands not declared in the metadata: systemctl, an openclaw CLI subcommand (openclaw message send), and optionally curl/nc. The script also contains a scripts/config/settings.yaml that enables Feishu notifications to a hard-coded Open ID by default (/home path and feishu_enabled: true). Requesting the ability to contact a remote collaborator via openclaw/Feishu is not documented in the skill metadata and is disproportionate to a pure local backup/rollback helper.
Instruction Scope
SKILL.md instructs users to run the included scripts and to modify AGENTS.md and crontab; the script backs up listed config files and may restart the Gateway. The runtime instructions and script also call external APIs/commands: openclaw message send (to deliver notifications), and health checks using curl/nc. The SKILL.md suggests backing '任何系统配置文件' in examples which broadens implied scope. The skill will read/write backup, PID, and log files under ~/.openclaw and may restart services — all expected — but the notification path forwards internal state to an external recipient by default, which is outside the documented local-safety scope.
Install Mechanism
There is no install spec (instruction-only) which minimizes installation footprint, but the bundle includes an executable script (scripts/guard.sh). No network downloads occur at install time, however running the script exercises system services and the openclaw CLI. No extra packages are downloaded by the skill itself.
Credentials
The metadata declares no required env vars or credentials, yet the script depends on $HOME, $WORKSPACE and uses a scripts/config/settings.yaml that hardcodes backup_dir (/home/ljj/...) and feishu_enabled: true with a specific feishu_open_id. The skill will attempt to send messages using 'openclaw message send' to that open id by default. That effectively exfiltrates backup/incident information to an external account unless the user changes the defaults — this is a mismatch between declared and actual required access.
Persistence & Privilege
always is false (normal). The script writes PID files, backups, logs to ~/.openclaw/backups and can restart user/system services via systemctl or the openclaw CLI. Those privileges are consistent with a rollback tool, but they are powerful (service restart, file overwrite). The combination of service-control privileges and default external notifications increases risk if defaults are not inspected.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-guard-v2 - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-guard-v2触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
openclaw-guard-v2 1.1.0 Changelog
- 新增详细使用说明和配置示例,扩展 SKILL.md 文档内容
- 支持危险操作前自动备份配置文件,并可一键回滚
- 增加独立守护进程,AI 崩溃时自动恢复并重启 Gateway
- 提供健康检查、日志记录和时间戳备份等安全特性
- 增加守护脚本多命令支持(start/stop/status/test/check/rollback)
元数据
常见问题
OpenClaw Guard 是什么?
配置文件修改守护脚本 - 危险操作前自动备份,一键回滚. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 246 次。
如何安装 OpenClaw Guard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-guard-v2」即可一键安装,无需额外配置。
OpenClaw Guard 是免费的吗?
是的,OpenClaw Guard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw Guard 支持哪些平台?
OpenClaw Guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Guard?
由 Zebra679096(@zebra679096)开发并维护,当前版本 v1.1.0。
推荐 Skills