← 返回 Skills 市场
OpenClaw Watch Dog
作者
Abdullah AlRashoudi
· GitHub ↗
· v1.3.0
2338
总下载
2
收藏
9
当前安装
14
版本数
在 OpenClaw 中安装
/install openclaw-watchdog
功能描述
Self-healing monitoring system for OpenClaw gateway. Auto-detects failures, fixes crashes, and sends Telegram alerts.
安全使用建议
This skill appears to do what it says: monitor OpenClaw locally and notify your Telegram bot. Before installing: 1) inspect the included scripts yourself or run them inside a controlled environment; 2) do not paste unrelated secrets into the chat — only provide the Telegram token/chat ID that you intend to use for alerts; 3) be aware the installer can optionally accept OpenAI/Anthropic keys and will store them encrypted locally if you provide them — only supply those if you understand why you need them; 4) the service can run npm install -g openclaw to reinstall the gateway, but it only does that after an explicit local approval file is created by you; 5) verify you trust the repository/source (homepage is provided) before granting persistent background execution. If you want higher assurance, run the setup steps manually rather than via an agent message.
功能分析
Type: OpenClaw Skill
Name: openclaw-watchdog
Version: 1.3.0
The skill is designed for benign system monitoring and self-healing. However, the `scripts/setup.sh` file contains a critical shell injection vulnerability. When installing the systemd user service on Linux, the `printf` command used to generate the service file does not properly quote the `OPENCLAW_HEALTH_URL` environment variable. This variable is derived from the user-controlled `--gateway-port` argument. A malicious user could provide a crafted `GATEWAY_PORT` value (e.g., `8080; rm -rf /`) to inject arbitrary commands into the systemd service file, leading to Remote Code Execution (RCE) when the service starts. This vulnerability is exploitable via prompt injection against the AI agent, which is instructed to pass user-provided input to the `setup.sh` script.
能力评估
Purpose & Capability
Name/description align with what the files do: monitor a local health endpoint, restart the gateway, and send Telegram alerts. Required binaries (python3, openssl) and the Telegram token/chat ID match the stated purpose.
Instruction Scope
Runtime instructions request the Telegram token and chat ID (necessary to send alerts) and instruct running the included setup script which installs a user-level service and copies code to ~/.openclaw/watchdog. The skill reads OpenClaw logs and config (e.g., ~/.openclaw/openclaw.json) for diagnosis and auto-detection of the gateway port — this is within scope for a gateway watchdog but worth noting because it accesses user config/log files. The SKILL.md asks users to paste secrets into agent chat; users should be cautious about pasting secrets into conversational UIs.
Install Mechanism
No external downloads or remote installers: the package includes setup scripts that create a venv, install a small Python dependency (aiohttp), and install a user LaunchAgent/systemd service. This is a local, traceable install with no remote code fetches at install time.
Credentials
Declared required env vars (TELEGRAM_TOKEN, TELEGRAM_CHAT_ID) are appropriate. The setup scripts accept optional --openai-key and --anthropic-key and will store them encrypted if provided; those optional AI keys are not declared as required in metadata and are not used elsewhere in current code — this is not malicious but is an extra data collection surface the user should be aware of.
Persistence & Privilege
The skill installs a user-level persistent service (LaunchAgent or systemd user) which is expected for a watchdog. It does not request system-wide elevated privileges. Note: SKILL.md metadata includes a disableModelInvocation flag, but registry flags show model invocation is allowed; this mismatch is informational (it affects platform behavior) but not a code-level risk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-watchdog - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-watchdog触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.0
Auto-detect gateway port from config, fix password mismatch when ioreg unavailable (macOS 26+), support OPENCLAW_HEALTH_URL env var, add --gateway-port flag to setup
v1.2.1
Fix metadata format: inline JSON instead of YAML, fixes registry rendering of env vars and install spec
v1.2.0
Security: move inline code to auditable scripts with input validation, eliminate prompt-injection vector
v1.1.2
Unify env var names (TELEGRAM_TOKEN, TELEGRAM_CHAT_ID) and add disableModelInvocation
v1.1.1
Fix metadata: declare required env vars, add homepage, add install spec for scanner compatibility
v1.1.0
Add credentials and service metadata declaration for ClawHub security scanner transparency
v1.0.7
- Added metadata block to SKILL.md with details about binaries, required credentials, service type, and persistence.
- Declared explicit requirement for "openssl" binary in addition to "python3".
- Specified credential names and descriptions for better clarity in the setup process.
- Noted that the skill installs as a user-level LaunchAgent (macOS) or systemd user service (Linux).
- No changes made to the core setup instructions or functionality description.
v1.0.6
- Clarified that diagnostics and log analysis run locally on-device.
- Added Python 3 and OpenClaw as explicit prerequisites in the setup instructions.
- Updated skill description to specify alert notifications are sent only via the user's Telegram bot.
- Improved prerequisite section for easier setup reference.
v1.0.5
- Improved credential validation and Telegram pairing steps to use Python scripts for safer user input handling.
- Updated setup instructions to replace inline curl commands with Python equivalents for token validation and test messaging.
- No functional changes to the monitoring or recovery logic.
v1.0.4
**Summary: Diagnostics now run 100% locally, removing AI cloud dependencies.**
- Removed all OpenAI/Anthropic API usage; diagnostics and recovery logic now run on-device only.
- Simplified setup: Only requires Telegram bot token and chat ID; no API keys for cloud AI needed.
- No logs or data leave the device; all analysis uses local pattern matching.
- Updated instructions and workflow to reflect local-only operation.
- Expanded "How It Works" section to clarify local checks, restart policy, and approval flow for reinstalls.
- Strengthened credential security note: all secrets are locally encrypted with AES-256.
v1.0.3
openclaw-watchdog v1.0.3
- No changes detected in this release.
- All documentation and setup instructions remain the same.
v1.0.2
openclaw-watchdog 1.0.2
- No code or documentation changes in this release.
- Version bumped for administrative or meta reasons; behavior and user experience unchanged.
v1.0.1
openclaw-watchdog 1.0.1
- No code or documentation changes detected in this version.
- Behavior and setup instructions remain identical to the previous release.
v1.0.0
Initial release of openclaw-watchdog
- Introduces a self-healing monitoring system for OpenClaw gateways.
- Automatically checks gateway health every 15 seconds and attempts to auto-fix issues (restart/reinstall).
- Sends real-time Telegram alerts to notify users of status and recovery actions.
- Leverages AI diagnostics (OpenAI and/or Anthropic) to analyze issues and suggest fixes.
- Provides guided setup and credential validation for seamless onboarding.
- Includes uninstall instructions for clean removal.
元数据
常见问题
OpenClaw Watch Dog 是什么?
Self-healing monitoring system for OpenClaw gateway. Auto-detects failures, fixes crashes, and sends Telegram alerts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2338 次。
如何安装 OpenClaw Watch Dog?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-watchdog」即可一键安装,无需额外配置。
OpenClaw Watch Dog 是免费的吗?
是的,OpenClaw Watch Dog 完全免费(开源免费),可自由下载、安装和使用。
OpenClaw Watch Dog 支持哪些平台?
OpenClaw Watch Dog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Watch Dog?
由 Abdullah AlRashoudi(@abdullah4ai)开发并维护,当前版本 v1.3.0。
推荐 Skills