← 返回 Skills 市场
ClawDoctor
作者
RelayPlane
· GitHub ↗
· v0.4.11
· MIT-0
233
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install relayplane-clawdoctor
功能描述
Self-healing doctor for OpenClaw. Monitors gateway, crons, sessions, auth, and costs. Sends Telegram alerts. Auto-restarts gateway when it goes down. Use whe...
安全使用建议
This skill appears to do what it claims (monitor OpenClaw and restart the gateway), but there are red flags you should address before installing: 1) Verify the npm package source and repository (review the package code, maintainer, and release history). Do not install a global npm package you can't audit. 2) Confirm the presence and trustworthiness of the 'openclaw' binary on the host; the registry metadata should have declared it. 3) Run clawdoctor in dry-run mode first (clawdoctor start --dry-run) and review its logs/events before enabling auto-heal. 4) When configuring Telegram, restrict the bot permissions and avoid placing tokens in world-readable files; prefer per-service tokens and secrets management. 5) If possible, run the tool under a limited user account or inside a container to reduce blast radius of an arbitrary npm package. Additional information that would raise confidence: a visible package repository or homepage with source code, verifiable package maintainers, and explicit declared requirements (openclaw binary and required env vars) in the registry metadata.
功能分析
Type: OpenClaw Skill
Name: relayplane-clawdoctor
Version: 0.4.11
The skill bundle describes a 'self-healing' utility that requires high-risk permissions, including reading sensitive session logs (~/.openclaw/agents/*/sessions/*.jsonl) which may contain PII or secrets, installing persistence via systemd services, and executing system commands. While these actions align with the stated purpose of monitoring and recovery, the broad access to user data and the reliance on an external npm package (clawdoctor) without source visibility pose a significant security risk. The documentation also includes external links to Stripe for paid tiers and a dedicated domain (clawdoctor.dev).
能力评估
Purpose & Capability
The SKILL.md clearly monitors OpenClaw state and takes healing actions (restarting the gateway) — this is coherent with the name/description. However, the skill runtime invokes 'openclaw gateway restart' and reads OpenClaw state/log files, yet the registry metadata only lists 'clawdoctor' as a required binary; 'openclaw' is not declared as a required binary. The SKILL.md also shows examples that accept a Telegram token/chat, but no required env vars or primary credential are declared. These omissions are inconsistent with the described capabilities.
Instruction Scope
Instructions are explicit about reading ~/.openclaw state, sessions, and gateway logs (read-only) and executing a healing command ('openclaw gateway restart'). It also documents non-interactive setup, installing a systemd user service, and starting a long-running daemon. These actions are within the stated monitoring/healing scope, but they grant the tool authority to read local OpenClaw data and restart services — and the docs don't explain exact token storage/handling or whether the agent should pass Telegram credentials via env vs CLI flags.
Install Mechanism
The install spec is 'npm install -g clawdoctor' (global npm package). Installing a third-party npm package globally can execute arbitrary code on the host. The SKILL.md lists a homepage (https://clawdoctor.dev) but the registry metadata shows 'Source: unknown' and no authoritative homepage in the registry entry; the package owner/registry provenance is not clearly verifiable here. This is a moderate-to-high supply-chain risk unless the npm package and its repository are audited.
Credentials
The skill legitimately needs access to OpenClaw's files and the ability to run the 'openclaw' command to heal. It also needs a Telegram bot token/chat ID to send alerts. However, none of these credentials or the 'openclaw' binary are declared in requires.env or requires.bins in the registry metadata. The SKILL.md's examples require a TOKEN and CHATID but the registry doesn't declare or require them — that's a transparency gap.
Persistence & Privilege
The skill can be installed as a persistent systemd user service and run as a daemon that restarts the OpenClaw gateway — this gives it continuous execution and the ability to perform potentially disruptive actions (restarts). The skill does not request 'always: true', but installing the service effectively grants ongoing privileges. Users should recognize the operational impact and verify the package before granting that persistence.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install relayplane-clawdoctor - 安装完成后,直接呼叫该 Skill 的名称或使用
/relayplane-clawdoctor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.4.11
Accurate README: all 6 monitors, 5 healers, plan tiers, all commands
v0.4.8
Self-healing monitor for OpenClaw gateways, crons, and agent sessions. Telegram alerts, auto-restart, cost monitoring.
元数据
常见问题
ClawDoctor 是什么?
Self-healing doctor for OpenClaw. Monitors gateway, crons, sessions, auth, and costs. Sends Telegram alerts. Auto-restarts gateway when it goes down. Use whe... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 233 次。
如何安装 ClawDoctor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install relayplane-clawdoctor」即可一键安装,无需额外配置。
ClawDoctor 是免费的吗?
是的,ClawDoctor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ClawDoctor 支持哪些平台?
ClawDoctor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ClawDoctor?
由 RelayPlane(@relayplane)开发并维护,当前版本 v0.4.11。
推荐 Skills