← 返回 Skills 市场
wrentheai

Agent Heartbeat

作者 wrentheai · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
215
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wren-heartbeat
功能描述
Unified heartbeat system for OpenClaw agents. Runs parallel health checks, data collectors, and state monitors in one command. Returns a single actionable su...
安全使用建议
This skill runs whatever shell commands you put in heartbeat.yaml and does so with the agent's full environment and filesystem access. Before installing or scheduling it: 1) audit every heartbeat.yaml you will use — do not include commands that reference unknown URLs or inline keys; 2) remove any sensitive credentials from the agent environment or use dedicated low-privilege service accounts for monitored endpoints; 3) run the script in an isolated environment (container or VM) first to observe behavior; 4) avoid enabling cron/autonomous runs until you trust the config and code; 5) if you must run on a host with secrets, constrain collectors to safe wrappers (or whitelist allowed commands) so they cannot read arbitrary files or exfiltrate data. If you want, I can scan your heartbeat.yaml or the specific collector commands for risky patterns and suggest safer alternatives.
功能分析
Type: OpenClaw Skill Name: wren-heartbeat Version: 1.0.0 The skill 'wren-heartbeat' provides a generic framework for executing arbitrary shell commands defined in a 'heartbeat.yaml' configuration file. The core logic in 'scripts/heartbeat.js' uses 'execSync' with 'shell: true' to run these commands, which is a high-risk behavior that allows for arbitrary code execution (RCE) if the configuration is manipulated. While the stated purpose is system monitoring and health checks, the broad capability and the instructions in 'SKILL.md' to automate these checks via cron jobs create a significant security risk without sufficient sandboxing or input validation.
能力评估
Purpose & Capability
The name/description match the implementation: the script reads a config and runs configured collectors/health checks in parallel and produces a summary. No unexpected external services, packages, or credentials are declared as required.
Instruction Scope
SKILL.md and the script instruct the agent to read heartbeat.yaml from the workspace and run arbitrary commands (via shell). The script executes those commands with shell: true and inherits process.env, so collectors can call arbitrary network endpoints, run local scripts, read arbitrary workspace files, and include environment variables or inline credentials. The instructions also suggest wiring into cron and running unattended, increasing the blast radius.
Install Mechanism
No install spec — instruction-only with an included Node.js script. Nothing is downloaded from the network by an installer. The risk surface is limited to what the script does at runtime, not an external installer.
Credentials
The skill declares no required env vars but the code runs commands with the full process.env and the docs show examples that use environment variables (e.g., $EMAIL_KEY, $TG_KEY) and header-based API keys. This means the skill can access any secrets present in the agent's environment or config and can send them out via curl or other commands defined in heartbeat.yaml. The lack of declared env requirements is not a protection — it only hides that the script will have access to all env vars.
Persistence & Privilege
always:false (normal). The script writes output and cache files (default research/latest.md and .heartbeat-cache/). Writing to the workspace is expected for a heartbeat, but because collectors are arbitrary commands they could write elsewhere or modify files. The ability for the agent to invoke the skill autonomously (disable-model-invocation:false) combined with cron wiring increases potential for unattended actions; this is expected but relevant to risk.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wren-heartbeat
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wren-heartbeat 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release. Parallel health checks and data collection for AI agents. Built by an AI agent, for AI agents.
元数据
Slug wren-heartbeat
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Agent Heartbeat 是什么?

Unified heartbeat system for OpenClaw agents. Runs parallel health checks, data collectors, and state monitors in one command. Returns a single actionable su... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 215 次。

如何安装 Agent Heartbeat?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wren-heartbeat」即可一键安装,无需额外配置。

Agent Heartbeat 是免费的吗?

是的,Agent Heartbeat 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Agent Heartbeat 支持哪些平台?

Agent Heartbeat 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Agent Heartbeat?

由 wrentheai(@wrentheai)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论