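📦 DeadClaw — Emergency Stop Control
v1.0.1
One-click cutoff for all OpenClaw agents: immediately terminates running agents, pauses scheduled tasks, ends active sessions, and logs everything in full, to prevent runaway or abnormal behavior.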
Last updated: 2026/4/22
Security scan
OpenClaw
Suspicious
medium confidence
The skill broadly matches an emergency-kill purpose, but there are several inconsistencies and risky design choices (undeclared env/config use, extremely broad trigger words, and an autonomous watchdog that can kill processes) that warrant caution before installing.
Assessment recommendations
This package appears to implement a real emergency 'kill switch', but exercise caution before installing:
- Inspect the scripts (kill.sh, watchdog.sh, restore.sh, status.sh) yourself or have an admin do so. They perform destructive host actions (kill processes, stop Docker containers, modify crontab). Use --dry-run first.
- The skill reads many environment variables and a network whitelist file that are not declared in the registry metadata. Configure DEADCLAW_WHITELIST, DEADCLAW_WORKSPACE, and...
ℹ Purpose and capabilities
The name/description match the included scripts (kill, restore, status, watchdog). However the SKILL.md claims message triggers 'work immediately with no setup' while the scripts rely on the OpenClaw CLI or Docker exec and environment configuration (workspace, whitelist, trigger source). The skill also provides phone/widget setup docs that require a Telegram bot token and chat ID (user-provided), which the registry metadata does not declare. Overall capability aligns with purpose but some operational requirements are under-specified.
⚠ Instruction scope
Runtime instructions and included scripts perform high-privilege actions: killing processes, stopping Docker containers, backing up and modifying crontabs, and running docker exec openclaw commands. The SKILL.md and scripts reference environment variables and config files (DEADCLAW_*, OPENCLAW_WORKSPACE, network-whitelist.txt, OPENCLAW_PROCESS_PATTERN, DEADCLAW_TRIGGER_SOURCE) that are not declared in the registry metadata. Trigger words include common terms like 'kill' and '🔴' which are prone to accidental activation. The watchdog auto-triggers kills based on local checks — this grants the skill broad autonomous power over the host.
✓ Install mechanism
There is no install spec (instruction-only skill), so nothing is downloaded/executed during installation beyond the skill bundle itself. The code is provided in the skill package (shell scripts), so the attack surface is the scripts' runtime behavior rather than a remote install URL. This is lower-risk than an arbitrary download, but scripts will run on the host when invoked.
⚠ Credential requirements
Registry metadata lists no required environment variables, yet SKILL.md and the scripts read many env vars and config paths (DEADCLAW_MAX_RUNTIME_MIN, DEADCLAW_MAX_TOKENS, DEADCLAW_WHITELIST, DEADCLAW_WORKSPACE, OPENCLAW_PROCESS_PATTERN, DEADCLAW_TRIGGER_SOURCE, DEADCLAW_TRIGGER_METHOD). The phone shortcut docs instruct users to put Telegram bot tokens/chat IDs into device shortcuts (user-controlled), but the skill itself may attempt to use openclaw CLI or docker exec to send messages — which could require platform credentials or access the OpenClaw gateway. The mismatch between declared and used env/config access is a red flag.
ℹ Persistence and privileges
always:false (good). The skill includes a long-running watchdog (scripts/watchdog.sh) that, when started, autonomously monitors and can auto-trigger kills. Autonomous invocation (disable-model-invocation:false) is platform default; combined with the watchdog's ability to self-trigger, this increases blast radius. The skill does not declare modifications to other skills' configs, but it does modify system crontabs and manage services — operations that are high-privilege and persistent while the watchdog runs.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest v1.0.1 2026/2/22
v1.0.1 — Security hardening: input validation for CLI args, log injection prevention, reject overly broad process patterns, validate numeric env vars with safe defaults.
● Benign
Install command
Official: npx clawhub@latest install deadclaw
Mirror (accelerated): npx clawhub@latest install deadclaw --registry https://cn.longxiaskill.com