chore(workspace): add hardened startup/security workflows and skill suite
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"version": 1,
|
||||
"registry": "https://clawhub.ai",
|
||||
"slug": "openclaw-healthcheck-cron",
|
||||
"installedVersion": "1.0.0",
|
||||
"installedAt": 1772497719586
|
||||
}
|
||||
@@ -0,0 +1,63 @@
|
||||
---
|
||||
name: openclaw-healthcheck-cron
|
||||
description: Create and run a reusable OpenClaw deep healthcheck automation using a cron job plus a script. Use when setting up scheduled OpenClaw health audits, standardizing security/status checks, sanitizing environment-specific values for sharing, and packaging the setup for reuse.
|
||||
---
|
||||
|
||||
# OpenClaw Healthcheck Cron Skill
|
||||
|
||||
Create a portable healthcheck automation that runs on a schedule and reports concise findings.
|
||||
|
||||
## Build the automation
|
||||
|
||||
1. Create a script at `scripts/healthcheck.sh` (or reuse the one in this skill).
|
||||
2. Keep checks read-only by default.
|
||||
3. Write artifacts to `/tmp/openclaw-healthcheck/YYYY-MM-DD/HHMMSS/`.
|
||||
4. Return a compact summary with severity.
|
||||
|
||||
## Create the scheduled job
|
||||
|
||||
Use an isolated cron `agentTurn` job that runs twice daily (example: 6am and 7pm local time):
|
||||
|
||||
- `schedule.kind`: `cron`
|
||||
- `schedule.expr`: `0 6,19 * * *`
|
||||
- `schedule.tz`: set local timezone
|
||||
- `sessionTarget`: `isolated`
|
||||
- `payload.kind`: `agentTurn`
|
||||
- `delivery.mode`: `announce` (or `none` if reporting is handled inside task)
|
||||
|
||||
Use this task pattern:
|
||||
- Execute `bash scripts/healthcheck.sh`
|
||||
- Parse summary line and emit:
|
||||
- Verdict: `OK | MONITOR | NEEDS_ATTENTION`
|
||||
- Counts: passed/warn/fail
|
||||
- Artifact path
|
||||
- Active issues + recommended next action
|
||||
|
||||
## Sanitize before publishing
|
||||
|
||||
Remove or parameterize all local identifiers:
|
||||
|
||||
- Usernames, hostnames, phone numbers, chat IDs
|
||||
- API keys, tokens, webhook URLs
|
||||
- Absolute personal paths (use placeholders or relative paths)
|
||||
|
||||
Replace with variables:
|
||||
|
||||
- `${HEALTHCHECK_OUTPUT_DIR:-/tmp/openclaw-healthcheck}`
|
||||
- `${OPENCLAW_HEALTH_TZ:-America/New_York}`
|
||||
- `${HEALTHCHECK_EXCLUDE:-small model,sandbox,groupPolicy}`
|
||||
|
||||
## Validate
|
||||
|
||||
1. Run script manually once.
|
||||
2. Confirm artifact directory and summary format.
|
||||
3. Run cron job once with `cron run`.
|
||||
4. Verify final message is concise and actionable.
|
||||
|
||||
## Package
|
||||
|
||||
Package as a `.skill` zip containing only:
|
||||
|
||||
- `SKILL.md`
|
||||
- `scripts/healthcheck.sh`
|
||||
- `references/cron-job-example.json`
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"ownerId": "kn79fk2chsvyrdvmrnrj03yzhn7zynfp",
|
||||
"slug": "openclaw-healthcheck-cron",
|
||||
"version": "1.0.0",
|
||||
"publishedAt": 1771457831204
|
||||
}
|
||||
@@ -0,0 +1,18 @@
|
||||
{
|
||||
"name": "OpenClaw deep healthcheck (portable)",
|
||||
"schedule": {
|
||||
"kind": "cron",
|
||||
"expr": "0 6,19 * * *",
|
||||
"tz": "${OPENCLAW_HEALTH_TZ:-America/New_York}"
|
||||
},
|
||||
"payload": {
|
||||
"kind": "agentTurn",
|
||||
"message": "Run bash scripts/healthcheck.sh and report verdict, counts, artifact path, and active issues.",
|
||||
"timeoutSeconds": 600
|
||||
},
|
||||
"sessionTarget": "isolated",
|
||||
"delivery": {
|
||||
"mode": "announce"
|
||||
},
|
||||
"enabled": true
|
||||
}
|
||||
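Review bot: `"tz": "${OPENCLAW_HEALTH_TZ:-America/New_York}"` is shell default-expansion syntax inside a JSON string, and nothing visible in this commit expands it, so a scheduler that loads this file as-is would receive that literal text as the timezone. Unless the cron loader is known to template values, use a plain value such as `"tz": "America/New_York"` and document that it must be edited per host. The payload message also names the script by the relative path `scripts/healthcheck.sh`, so which file the isolated session executes depends on its working directory; state the expected working directory in SKILL.md or use a path resolved from the skill's install location.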
@@ -0,0 +1,64 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
OUT_ROOT="${HEALTHCHECK_OUTPUT_DIR:-/tmp/openclaw-healthcheck}"
|
||||
EXCLUDE_RAW="${HEALTHCHECK_EXCLUDE:-small model,sandbox,groupPolicy}"
|
||||
TS="$(date +%H%M%S)"
|
||||
DAY="$(date +%F)"
|
||||
OUT_DIR="${OUT_ROOT}/${DAY}/${TS}"
|
||||
mkdir -p "$OUT_DIR"
|
||||
|
||||
LOG="$OUT_DIR/run.log"
|
||||
SUMMARY_JSON="$OUT_DIR/summary.json"
|
||||
|
||||
# Keep this script read-only.
|
||||
# If your environment has a richer checker, replace this section with that command.
|
||||
|
||||
passed=0
|
||||
warn=0
|
||||
fail=0
|
||||
issues=()
|
||||
|
||||
check_cmd() {
|
||||
local name="$1"
|
||||
shift
|
||||
if "$@" >/dev/null 2>&1; then
|
||||
passed=$((passed+1))
|
||||
echo "PASS: $name" >> "$LOG"
|
||||
else
|
||||
warn=$((warn+1))
|
||||
issues+=("$name")
|
||||
echo "WARN: $name" >> "$LOG"
|
||||
fi
|
||||
}
|
||||
|
||||
{
|
||||
echo "[healthcheck] started: $(date -Is)"
|
||||
echo "[healthcheck] out_dir: $OUT_DIR"
|
||||
echo "[healthcheck] exclude: $EXCLUDE_RAW"
|
||||
} > "$LOG"
|
||||
|
||||
check_cmd "openclaw binary available" command -v openclaw
|
||||
check_cmd "gateway status command" openclaw gateway status
|
||||
check_cmd "openclaw status command" openclaw status
|
||||
|
||||
if [[ $fail -gt 0 ]]; then
|
||||
verdict="NEEDS_ATTENTION"
|
||||
elif [[ $warn -gt 0 ]]; then
|
||||
verdict="MONITOR"
|
||||
else
|
||||
verdict="OK"
|
||||
fi
|
||||
|
||||
cat > "$SUMMARY_JSON" <<EOF
|
||||
{
|
||||
"verdict": "$verdict",
|
||||
"passed": $passed,
|
||||
"warn": $warn,
|
||||
"fail": $fail,
|
||||
"artifact_path": "$OUT_DIR",
|
||||
"issues": [$(printf '"%s",' "${issues[@]:-}" | sed 's/,$//')]
|
||||
}
|
||||
EOF
|
||||
|
||||
echo "VERDICT=$verdict PASSED=$passed WARN=$warn FAIL=$fail ARTIFACT=$OUT_DIR"
|
||||
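Review bot: The default artifact root `/tmp/openclaw-healthcheck` is a fixed name in a world-writable directory, and `mkdir -p "$OUT_DIR"` accepts a directory or symlink that another local user created first, so `run.log` and `summary.json` can land somewhere the caller did not choose, or be read and altered by other accounts. I would set `umask 077` before the `mkdir -p` and default `OUT_ROOT` to a per-user location such as `"${XDG_STATE_HOME:-$HOME/.local/state}/openclaw-healthcheck"`, updating the path documented in SKILL.md to match. Separately, `fail` is never incremented (`check_cmd` only bumps `warn`), so `NEEDS_ATTENTION` is unreachable and a missing `openclaw` binary is reported as `MONITOR`. With no issues, `"${issues[@]:-}"` expands to one empty word, so the summary carries `"issues": [""]` rather than `[]`.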