self-check

系统自检工具。全面检查环境配置、文件完整性、权限、依赖、API token 等，并汇报问题给出修复建议（但不主动修复）。

This skill appears internally consistent with its purpose: it inspects local OpenClaw workspace files, processes and installed runtimes and only prints findings and suggested commands. Before running: (1) review the script yourself (it's included) to confirm it prints but does not exfiltrate secret values; (2) run it from an account with least privilege needed (avoid running as root) to limit exposure; (3) inspect reported 'fix' commands before pasting them into a shell (they may include sudo/pip/npm operations); (4) because the package source is 'unknown', prefer running it in a test environment or container first if you have sensitive production data. If you want, I can point out exact lines in the script that read specific files/commands to make a more targeted risk review.

Type: OpenClaw Skill Name: self-check Version: 1.0.0 The skill performs system-wide diagnostics using high-risk capabilities, including the execution of numerous shell commands via `subprocess.run(shell=True)` and scanning for sensitive API keys/tokens in environment variables and configuration files. While the script (scripts/self_check.py) appears to follow its stated 'report-only' policy and does not currently exfiltrate data, the logic for discovering secrets and the use of shell execution represent significant security risks. It also suggests a 'curl|bash' command for NVM installation (raw.githubusercontent.com/nvm-sh/nvm) which is a common but risky practice.