← 返回 Skills 市场
Openclaw Health Audit
作者
halfmoon82
· GitHub ↗
· v1.5.0
· MIT-0
450
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-health-audit
功能描述
OpenClaw 系统健康审计与自动修复 — 监控 prompt 体积、Cron 合规、Session 清理、Token 消耗
安全使用建议
This skill appears to do what it says: local inspection of OpenClaw files, optional registration of a 48h health-check cron job, and conservative auto-fixes (cron/session). Before installing, consider: 1) Back up ~/.openclaw/cron/jobs.json and ~/.openclaw/.lib/session_model_state.json so you can revert changes. 2) Run the wizard and health_monitor in --dry-run first (audit_wizard.py offers this). 3) Confirm the agent/system that will execute cron job payloads (the 'agentTurn' payload instructs sending reports via Telegram/Discord) — ensure those outbound connectors and recipients are trusted because reports will contain local audit data. 4) The documentation contains a small contradiction (claims 'Does NOT send data to external servers' yet describes sending via Telegram/Discord); treat reporting as network-capable behavior originating from your configured agent, not from the Python scripts themselves. 5) If you rely on the openclaw CLI for usage-cost, ensure its stored credentials are scoped appropriately. If you want higher assurance, inspect scripts (they are included) and run them in a controlled environment before enabling auto-fix or registering the cron job.
功能分析
Type: OpenClaw Skill
Name: openclaw-health-audit
Version: 1.5.0
The skill performs high-risk operations including modifying OpenClaw Cron jobs (jobs.json) and session state files (session_model_state.json) to perform 'auto-repairs.' It also registers a persistent Cron job for periodic monitoring via audit_wizard.py. While these actions are aligned with the stated purpose of system health auditing and cost optimization, the ability to modify system configuration and state files constitutes a significant attack surface. The scripts health_monitor.py and audit_wizard.py handle these sensitive file operations. No evidence of data exfiltration or unauthorized external network calls was found.
能力评估
Purpose & Capability
The name/description (health audit, cron/session/token checks) match what the code does: it reads ~/.openclaw files (openclaw.json, session_model_state.json, cron jobs), measures prompt file sizes, inspects message-injector/index.ts and pools/session state, and can register/modify a local cron jobs json. No unrelated credentials or cloud APIs are requested by the skill itself.
Instruction Scope
SKILL.md and the scripts explicitly read and (when asked) write local OpenClaw config and cron job files and run local Python scripts — that is expected. Minor inconsistency: SKILL.md's security table says 'Does NOT send data to external servers', but the cron job prompts and documentation instruct the agent to 'send the report to the user (Telegram/Discord)'. The skill itself does not directly implement network exfiltration, but scheduled agent runs or the agent that executes the cron payload can deliver reports over network connectors.
Install Mechanism
No network downloads or package installs. install.sh and the two Python scripts run locally; audit_wizard writes config and optionally appends a cron job to ~/.openclaw/cron/jobs.json. This is a low-risk install mechanism (no remote code fetches or archive extraction).
Credentials
The skill requests no environment variables and no primary credential. It invokes the local 'openclaw' CLI for usage-cost reporting (via subprocess) which is appropriate for token-trend checks; that CLI may itself rely on stored gateway credentials — this is expected for the purpose. No extraneous secrets or unrelated service credentials are requested by the skill.
Persistence & Privilege
always:false and default autonomous invocation are preserved. The skill writes its own config and can register a cron job under ~/.openclaw, which is appropriate for a monitoring tool. It does not modify other skills' code or system-wide settings outside the OpenClaw workspace.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-health-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-health-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.5.0
openclaw-health-audit 1.5.0 introduces security and transparency improvements.
- Added a detailed security & permissions declaration to SKILL.md, clarifying all privileged operations and their scope.
- Added README_CN.md for Chinese documentation and NOTICE.md for legal/compliance information.
- Updated scripts to reflect the new permission model (audit_wizard.py, health_monitor.py).
- Minor updates to configuration and documentation for improved clarity and transparency.
v1.4.0
v1.4.0:新增Category E(LLM缓存配置)/F(Session状态完整性)/G(代码合规G1-G8);同步生产版health_monitor.py;新增设计哲学与演进史README;安装命令更新
v1.0.0
Initial release of openclaw-health-audit:
- Provides system health audit and automated fixes for OpenClaw.
- Monitors prompt size, Cron job compliance, orphaned sessions, and token usage anomalies.
- Generates personalized health reports and enables user-triggered repair actions.
- Supports automated and manual fixes depending on issue type.
- Includes setup wizard for configuration and periodic health monitoring.
- Offers clear commands and report formats for ease of use.
元数据
常见问题
Openclaw Health Audit 是什么?
OpenClaw 系统健康审计与自动修复 — 监控 prompt 体积、Cron 合规、Session 清理、Token 消耗. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 450 次。
如何安装 Openclaw Health Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-health-audit」即可一键安装,无需额外配置。
Openclaw Health Audit 是免费的吗?
是的,Openclaw Health Audit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Openclaw Health Audit 支持哪些平台?
Openclaw Health Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Health Audit?
由 halfmoon82(@halfmoon82)开发并维护,当前版本 v1.5.0。
推荐 Skills