by 安全扫描
OpenClaw
可疑
high confidenceThe instructions claim to provide a guardian script and reference supporting files, but this package contains only prose and no script or reference files — the guidance also includes destructive operations (git reset --hard) and an optional webhook for external alerts, so you should not run these steps blindly.
评估建议
Do not run the commands in this SKILL.md as-is. The skill claims a guardian script (scripts/guardian.sh) and references/setup docs that are not included — ask the publisher for the actual guardian.sh and references/setup.md and review their full contents before executing. In particular: back up ~/.openclaw/workspace first (git reset --hard can irreversibly discard work), inspect any script for network calls or webhook transmissions before exporting DISCORD_WEBHOOK_URL, and prefer to run the scri...详细分析 ▾
⚠ 用途与能力
The SKILL.md describes copying a concrete script (scripts/guardian.sh) and references files (references/setup.md) that would be required for the skill to function, but the skill bundle contains no code files at all. Asking the user to 'copy from this skill' is inconsistent when no files are provided. The claimed capabilities (automated restart, git rollback, daily snapshots, Discord alerts) would legitimately require a delivered script or tooling; that artifact is missing.
⚠ 指令范围
The instructions tell the operator to run commands that read/modify their ~/.openclaw/workspace, initialize git, perform git reset --hard (rollback), pkill, and modify start scripts to auto-launch the guardian. Those actions are powerful and potentially destructive (git reset --hard will discard uncommitted/local changes). The SKILL.md also references optional DISCORD_WEBHOOK_URL for external alerting; because the actual implementation is absent, it's unclear what data would be sent externally. The instructions grant broad discretionary actions (rollback logic, auto-backups) without providing the code that would implement safeguards.
ℹ 安装机制
No install spec is provided (instruction-only), which minimizes direct installer risk but increases risk here because the SKILL.md promises files to copy that are not bundled. An expectation that the skill will supply scripts is inconsistent with the lack of any install or code artifacts.
⚠ 凭证需求
The registry metadata declares no required env vars, yet the runtime instructions reference DISCORD_WEBHOOK_URL and expect edits to a user's start scripts and workspace location (~/.openclaw/...). The skill does not declare or justify access to these paths or to any external webhook credential; that mismatch reduces transparency and could lead operators to export a webhook without knowing what will be transmitted.
ℹ 持久化与权限
The skill does not request always:true and does not itself modify agent/system config. However the guidance instructs the user to add the guardian to their auto-start scripts or systemd and to alter ~/.openclaw/start-gateway.sh, which grants the guardian persistent presence on the host if the user follows instructions. That persistence is user-controlled (manual edits) but the skill's lack of bundled code means users would be attempting to source a script from an unknown location.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/3/2
Initial release of openclaw-guardian-ultra. - Introduces a standalone bash watchdog (Guardian) to keep OpenClaw Gateway running reliably. - Features automated health monitoring, self-repair via `openclaw doctor --fix`, and git-based workspace rollback. - Adds daily automatic snapshots of the workspace for extra resilience. - Optional Discord webhook alerts for real-time failure notification. - Easy setup with detailed installation and configuration steps. - Designed to prevent downtime from crashes, config corruption, or workspace mistakes.
● 无害
安装命令
点击复制官方npx clawhub@latest install openclaw-guardian-ultra
镜像加速npx clawhub@latest install openclaw-guardian-ultra --registry https://cn.longxiaskill.com