by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's functionality (checkpoints, verify, GC) matches its description, but shipped scripts expect undeclared system dependencies and reference absolute paths (/root/.openclaw) and an external 'memory-palace' binary; plus the verify flow can execute arbitrary commands — these mismatches and broad filesystem assumptions warrant caution.
评估建议
This skill appears to implement the advertised checkpoint/verify/GC features, but there are important mismatches and risks you should consider before installing or running it:
- Missing dependency/declarations: The code expects node, jq, openssl and other common utilities, but the skill metadata lists none. Verify/install those dependencies yourself or run the scripts in an environment where missing dependencies won't cause surprises.
- Review and restrict verify rules: The 'harness verify' me...详细分析 ▾
ℹ 用途与能力
The name/description (checkpointing, verify, GC, progress) align with the provided scripts and documentation. The package also includes helper scripts to initialize/package skills which is plausible for a developer-focused harness. However the implementation relies on system tools (node, jq, openssl, sha256sum) and an external 'memory-palace' component at an absolute path (/root/.openclaw/...), none of which are declared in the skill metadata — this is an incoherence between declared requirements (none) and actual capabilities/dependencies.
⚠ 指令范围
SKILL.md tells the agent to run harness commands that operate on and modify local files (create/restore/delete checkpoints, compress MEMORY.md, run 'harness verify' etc.) — that is expected. But the verify subsystem supports 'command' checks that run arbitrary shell commands (e.g., 'npm run build' via a rule) which means the skill can execute arbitrary commands in the workspace when asked; SKILL.md exposes CLI options that accept JSON rules from the caller. The gc-agent can run as a daemon and will read/write/trim files across .harness and, via memory-palace integration, read MEMORY.md and invoke a node-based archiver. The instructions are not explicit about the required binaries or the fact that verification can execute arbitrary commands — this broad, under-documented power is a risk.
ℹ 安装机制
No install spec is provided (instruction-only), which is lower risk by itself. But the skill ships many executable scripts in-bin and libs; there is no documented dependency list or installer. That means users may run these scripts without realizing they require node/jq/openssl and may call other binaries. No remote download URLs are used in the install spec (none present), so there is no obvious remote-exec install risk, but missing declared dependencies is a usability/security mismatch.
⚠ 凭证需求
The registry metadata declares no required environment variables or credentials, but the runtime code references and uses several environment/config variables and hard-coded paths: OPENCLAW_WORKSPACE, MEMORY_PALACE_BIN, HARNESS_DIR, and defaults to /root/.openclaw/workspace and /root/.openclaw/workspace/skills/memory-palace/bin/memory-palace.js. The scripts also expect and call system tools (node, jq, openssl, sha256sum). Requesting/assuming access to /root/.openclaw (an absolute path outside a project directory) is disproportionate to a tool described as a local workspace harness and could grant access to data outside the immediate project.
ℹ 持久化与权限
always:false (normal). The skill includes a GC agent that can run as a daemon (gc-agent.sh) and create lock/log files under .harness; running it as a background service is optional and under user control. Autonomous model invocation is allowed by default (disable-model-invocation:false) — not an exceptional privilege on the platform, but combined with the ability to run arbitrary commands via verify and to run a daemon, this increases the blast radius if misused. The skill does not assert it will modify other skills' configurations.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.32026/3/28
v1.0.3: Full package with all 10 submodules, .git excluded, clean
● 无害
安装命令 点击复制
官方npx clawhub@latest install openclaw-harness
镜像加速npx clawhub@latest install openclaw-harness --registry https://cn.clawhub-mirror.com
技能文档
Cross-session context tracking, entropy management, and verification closure for AI agents.
Quick Reference
| Command | Description | |||
|---|---|---|---|---|
harness init [--force] | Initialize Harness in current workspace | |||
harness status [-v\ | -j\ | -s] | Show Harness status | |
harness checkpoint create | Create a checkpoint snapshot | |||
harness checkpoint list | List all checkpoints | |||
harness checkpoint restore | Restore to a checkpoint | |||
harness checkpoint delete | Delete a checkpoint | |||
harness verify [--rule ' | Run verification checks | |||
harness gc [--dry-run] [--max-cp N] [--max-age N] [--aggressive] | Entropy cleanup | |||
harness progress show | Show cross-session progress | |||
harness linter [--fix] [--strict] | Lint SOUL/IDENTITY/AGENTS files | |||
harness fix [placeholders\ | whitespace\ | trailing\ | all] | Auto-fix linter issues |
Core Workflow
# 1. Initialize (once per workspace)
harness init# 2. Create checkpoint before risky work
harness checkpoint create "before-refactor"
# 3. Do work, verify
harness verify
# 4. Create another checkpoint when milestone reached
harness checkpoint create "feature-done" --tag "feature"
# 5. Preview cleanup
harness gc --dry-run
# 6. Restore if needed
harness checkpoint restore --force
Safety Rules
- Never deleted: SOUL.md, IDENTITY.md, USER.md, MEMORY.md, AGENTS.md, TOOLS.md, TASKS.md, .harness/
- All deletions logged to
.harness/gc.log - Deleted files archived to
.harness/.trash/before removal
Directory Structure
.harness/ # Harness state root (created by init)
├── .initialized # Init marker (version + timestamp)
├── config.json # Config: max_checkpoints, max_age_days, etc.
├── gc.log # Deletion audit log
├── checkpoints// # Checkpoint snapshots
│ ├── manifest.json # Snapshot manifest
│ └── files/ # Snapshot copies
├── reports/ # Verification reports
├── tasks/ # Task metadata
├── tmp/ # Temp files (GC target)
└── .agent-progress.json # Cross-session progress state
Advanced Usage
Custom verification rules:
harness verify --rule '[{"name":"Build OK","type":"command","path":"npm run build"}]'
Checkpoint management:
harness checkpoint create "label" --tag "v1" --tag "stable"
harness checkpoint show
GC with limits:
harness gc --max-cp 5 # Max 5 checkpoints per task
harness gc --max-age 7 # Delete checkpoints older than 7 days
harness gc --aggressive # Also clean tmp/ directory
Progress tracking:
harness progress show
harness progress set-phase "Phase 2"
harness progress add-blocker "Waiting for API key"
Linter and fix:
harness linter --strict # Fail on warnings too
harness linter --fix # Auto-fix issues (creates .orig backups)
harness fix all --dry-run # Preview all auto-fixes
Detailed Reference
For complete documentation, load the relevant reference:
- Architecture & design: See references/architecture.md
- Requirements & acceptance criteria: See references/requirement.md
- Technical knowledge package: See references/knowledge-package.md
- Maintenance guide: See references/maintenance.md
Scripts
This skill includes helper scripts for skill developers:
scripts/init_skill.py— Initialize a new skill from templatescripts/package_skill.py— Package and validate a skill into .skill file
# Create a new skill
python scripts/init_skill.py my-new-skill --path /path/to/output# Package a skill
python scripts/package_skill.py /path/to/skill-folder
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制