← 返回 Skills 市场

SysClaw Reporting

Name: SysClaw Reporting
Author: mbojer

作者 Morten Bojer · GitHub ↗ · v4.0.0 · MIT-0

cross-platform ⚠ suspicious

291

总下载

当前安装

版本数

在 OpenClaw 中安装

/install sysclaw-reporting

功能描述

Report system issues and submit resource requests to SysClaw via the cross-agent communication system. Use when an agent needs to report an error, warning, o...

安全使用建议

This skill appears to do what it says (submit reports/requests by writing to a PostgreSQL database), but there are important warnings to consider before installing or using it: - Metadata mismatch: The registry declares no required environment variables, but the scripts and SKILL.md require SYSCLAW_DB_HOST/PORT/NAME/USER/PASSWORD (or per-script equivalents). Treat that omission as a red flag and ask the publisher to correct the manifest before use. - Credential safety: The scripts require a DB user + password. Do NOT store high-privilege credentials in plaintext wrapper scripts or crontab entries. If you must run periodic checks, prefer a least-privileged DB account, secure storage for secrets (OS keyring, vault), and avoid embedding passwords in files under /usr/local/bin or crontab lines. - Network security: The scripts connect to a DB host without explicit TLS/sslmode configuration. Ensure connections to the DB are restricted to trusted networks or use SSL/TLS and network-level access controls to protect credentials in transit. - Least privilege: Create a dedicated DB role for reporting with only the necessary INSERT/SELECT/UPDATE privileges on the specific tables used (issues, agent_requests, notifications). Do not reuse admin or broad-privilege DB credentials. - Audit and review the DB schema: Because these scripts write directly to the database, verify the schema, triggers, and any downstream automation that acts on inserted rows (SysClaw may execute approved actions). Ensure you trust the operator(s) who have access to that automation. - Ask the maintainer for clarification: Request an updated registry manifest listing required environment variables and a justification for any suggested persistent cron-install steps. If you cannot verify the SysClaw operator and DB host, do not provide credentials. If you want to proceed, only provide a tightly-scoped DB user with minimal privileges and avoid the suggested plaintext cron wrapper; instead use credential management tooling and secure scheduling mechanisms.

功能分析

Type: OpenClaw Skill Name: sysclaw-reporting Version: 4.0.0 The sysclaw-reporting skill bundle provides a legitimate interface for an AI agent to communicate with a central management system (SysClaw) via a PostgreSQL database. The scripts (check-notifications.sh, report-issue.sh, request-resource.sh) are well-structured, utilize parameterized queries to prevent SQL injection, and include robust error handling with exponential backoff. While the documentation suggests setting up a cron job for automated notification checking, this is a transparently documented feature for polling and does not constitute a stealthy persistence mechanism.

能力评估

⚠ Purpose & Capability

The skill claims to submit reports/requests to 'SysClaw' and the included scripts perform exactly that by writing to a PostgreSQL database (system_comm). Requiring DB host/user/password is consistent with that purpose. However, the registry metadata declares no required environment variables or primary credential while the SKILL.md and scripts clearly require SYSCLAW_DB_* (or per-script overrides). This metadata omission is an incoherence that makes it harder to reason about required secrets before install.

⚠ Instruction Scope

Runtime instructions and the scripts only perform database operations (insert/select/update) and check hostname; they do not call external web endpoints or run arbitrary remote code. However, SKILL.md explicitly instructs operators to place plaintext DB credentials into wrapper scripts and a cron job (e.g., writing a script to /usr/local/bin and adding a crontab entry). That guidance creates a credential exposure risk and broad persistence if followed. The scripts also permit direct SQL usage; while parameterized queries and JSON validation are used, direct DB access still grants substantial power and should be limited to least-privileged accounts.

✓ Install Mechanism

There is no installer that downloads or executes remote code; this is an instruction-only skill with bundled scripts. The only dependency is psycopg2 (installed via pip), which is explicitly called out. No external arbitrary-download or extraction steps are present in the manifest.

⚠ Credentials

The scripts legitimately require SYSCLAW_DB_HOST/PORT/NAME/USER/PASSWORD (or per-script overrides). Those environment variables are proportionate to the function (direct DB access). However, the skill registry lists no required env vars or primary credential, which is inconsistent and dangerous because users may not know it will require database credentials. Additionally, SKILL.md suggests embedding DB_PASSWORD in a system-wide wrapper script and cron, which is disproportionate from a least-privilege and secret-handling perspective.

ℹ Persistence & Privilege

The skill is not force-included (always: false) and does not autonomously modify other skills or global agent settings. The documentation recommends (optional) creating a cron wrapper in /usr/local/bin and writing notifications to workspace memory; these are user-driven persistence steps. They increase exposure if followed, but are not automatic privileges requested by the skill itself.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install sysclaw-reporting
安装完成后，直接呼叫该 Skill 的名称或使用 /sysclaw-reporting 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v4.0.0

Security: parameterized queries (fixed SQL injection), JSON validation. Reliability: 3-attempt retry with exponential backoff, mid-session reconnect. Breaking: now requires psycopg2-binary.

v3.2.0

v3.2.0: Updated workflow - SysClaw executes approved actions, agents receive results. Removed 'proceed with approved action' language.

v3.1.0

v3.1.0: Replaced operator name with generic 'human operator' for portability.

v3.0.0

v3.0.0: Added notification system. New check-notifications.sh script. Auto-notify SysClaw on request submit. Automatic notification checking via cron job. Split server operations to sysclaw-ops skill.

v2.1.0

Add source_host field to issues and agent_requests - tracks originating machine for multi-server deployments

v2.0.1

Remove deprecated request-access.sh script

v2.0.0

Unified request system: new agent_requests table covers access, software, resources, config, service, deployment, info. Agents have INSERT+SELECT only - cannot self-approve. Replaces access_requests table.

v1.0.3

Add post-install section: document credentials in TOOLS.md and test connectivity

v1.0.2

Document sequence grant requirement in db-schema.md; fix for permission denied on issues_id_seq

v1.0.1

Replace hardcoded host IP with placeholder; add instruction to ask operator for credentials

v1.0.0

Initial release - issue reporting and access request system for cross-agent communication

元数据

Slug sysclaw-reporting

版本 4.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 11

常见问题

SysClaw Reporting 是什么？

Report system issues and submit resource requests to SysClaw via the cross-agent communication system. Use when an agent needs to report an error, warning, o... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 291 次。

如何安装 SysClaw Reporting？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install sysclaw-reporting」即可一键安装，无需额外配置。

SysClaw Reporting 是免费的吗？

是的，SysClaw Reporting 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

SysClaw Reporting 支持哪些平台？

SysClaw Reporting 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 SysClaw Reporting？

由 Morten Bojer（@mbojer）开发并维护，当前版本 v4.0.0。