Openclaw Mutual Repair

Enables two OpenClaw instances to monitor each other via heartbeat, perform health checks, diagnose issues, and remotely repair for 24/7 stable operation.

This skill broadly matches its description (two-node heartbeat, health checks, and remote repair), but review these items before installing: - Remove or rotate any leaked credentials: PUBLISH.md contains what looks like a Claw-CLI token — treat it as compromised and rotate it. - Audit the full src/index.ts (the provided snippet was truncated) to confirm how repairs are executed (particularly whether it runs ssh/remote commands and with what arguments). If repairs invoke shell commands or SSH, ensure the commands are explicit and limited, and that SSH keys are tightly controlled. - Run the skill in an isolated/staging environment first. The service listens by default on 0.0.0.0:9528 — configure firewalls to restrict access to the peer only and avoid exposing the port to the public internet. - Ensure the host has expected utilities (pm2, nc, ss, ping) and that parsing of their output is robust for your OS; poorly parsed outputs can lead to incorrect diagnoses. - Prefer least privilege: provide only the network connectivity necessary to the configured peer, and do not enable remote-repair until you have confirmed its exact behavior. If you want, I can: 1) search the repo for other potential secrets, 2) try to reconstruct the truncated part if you can provide the rest of src/index.ts, or 3) produce a short checklist of safe configuration and firewall rules for deploying this skill.

Type: OpenClaw Skill Name: openclaw-mutual-repair Version: 1.0.0 The skill implements a 'mutual repair' system that allows two nodes to monitor each other and remotely restart processes. It is classified as suspicious because it uses high-risk functions like `child_process.exec` to run system commands (vulnerable to shell injection via the `remoteHost` configuration in `src/index.ts`) and starts an unauthenticated HTTP server on port 9528 that can trigger remote process restarts. Additionally, `PUBLISH.md` contains a hardcoded CLI token (`clh_wfoNYpWcWq0gNC7X0DfsbL2cW3Ayba7jxmGaNf_3IU0`), which is a significant security oversight. While these capabilities are aligned with the stated purpose, the lack of authentication and input sanitization creates a high risk of unauthorized remote code execution.