Skills: refine healthcheck guidance

Tak Hoffman
2026-02-03 09:21:34 -06:00
parent 1f2f79a7a7
commit fc40ba8e7e

@@ -55,10 +55,11 @@ If you must ask, use non-technical prompts:
- “Is disk encryption turned on (FileVault/BitLocker/LUKS)?” - “Is disk encryption turned on (FileVault/BitLocker/LUKS)?”
- “Are automatic security updates enabled?” - “Are automatic security updates enabled?”
- “How do you use this machine?” - “How do you use this machine?”
1. Personal machine shared with the assistant Examples:
2. Dedicated local machine for the assistant - Personal machine shared with the assistant
3. Dedicated remote machine/server accessed remotely (always on) - Dedicated local machine for the assistant
4. Something else? - Dedicated remote machine/server accessed remotely (always on)
- Something else?
Only ask for the risk profile after system context is known. Only ask for the risk profile after system context is known.
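Review bot: In the new list under "Examples:", the last bullet "Something else?" is a follow-up question, not an example of how a machine is used, so it reads oddly as a sibling of the three usage types. Consider dropping it from the list and folding it into the prompt itself, so the question stays open-ended and the bullets are purely illustrative. Also note that the later "Also offer a periodic version check ... (numbered)" section still uses numbered choices; if the intent here is to stop the user answering by number, say so in a short sentence so the two styles are not mixed by accident.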
@@ -187,6 +188,14 @@ If the user says yes, ask for:
- cadence (daily/weekly), preferred time window, and output location - cadence (daily/weekly), preferred time window, and output location
- whether to also schedule `openclaw update status` - whether to also schedule `openclaw update status`
Use a stable cron job name so updates are deterministic. Prefer exact names:
- `healthcheck:security-audit`
- `healthcheck:update-status`
Before creating, `openclaw cron list` and match on exact `name`. If found, `openclaw cron edit <id> ...`.
If not found, `openclaw cron add --name <name> ...`.
Also offer a periodic version check so the user can decide when to update (numbered): Also offer a periodic version check so the user can decide when to update (numbered):
1. `openclaw update status` (preferred for source checkouts and channels) 1. `openclaw update status` (preferred for source checkouts and channels)
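Review bot: The lookup step "match on exact `name`. If found, `openclaw cron edit <id> ...`" does not say what to do when more than one listed job carries the same name, which is the case a stable name is meant to prevent but which can already exist from earlier runs. Add a rule for it (for example, stop and ask the user which job to keep rather than editing the first match). The sentence "Before creating, `openclaw cron list` and match on exact `name`" is also missing its verb ("run `openclaw cron list`"), and since these jobs produce security-audit output it would help to state that the edit path must reapply the user's chosen cadence, time window and output location rather than leaving the `...` open.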
@@ -215,15 +224,20 @@ Record:
Redact secrets. Never log tokens or full credential contents. Redact secrets. Never log tokens or full credential contents.
## Memory writes (required) ## Memory writes (conditional)
Only write to memory files when the user explicitly opts in and the session is a private/local workspace
(per `docs/reference/templates/AGENTS.md`). Otherwise provide a redacted, paste-ready summary the user can
decide to save elsewhere.
Follow the durable-memory prompt format used by OpenClaw compaction: Follow the durable-memory prompt format used by OpenClaw compaction:
- Write lasting notes to `memory/YYYY-MM-DD.md`. - Write lasting notes to `memory/YYYY-MM-DD.md`.
After each audit/hardening run, append a short, dated summary to `memory/YYYY-MM-DD.md` After each audit/hardening run, if opted-in, append a short, dated summary to `memory/YYYY-MM-DD.md`
(what was checked, key findings, actions taken, any scheduled cron jobs, key decisions, (what was checked, key findings, actions taken, any scheduled cron jobs, key decisions,
and all commands executed). Append-only: never overwrite existing entries. and all commands executed). Append-only: never overwrite existing entries.
Redact sensitive host details (usernames, hostnames, IPs, serials, service names, tokens).
If there are durable preferences or decisions (risk posture, allowed ports, update policy), If there are durable preferences or decisions (risk posture, allowed ports, update policy),
also update `MEMORY.md` (long-term memory is optional and only used in private sessions). also update `MEMORY.md` (long-term memory is optional and only used in private sessions).
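Review bot: The opt-in gate is added to the section intro and to "After each audit/hardening run, if opted-in", but the unchanged bullet "Write lasting notes to `memory/YYYY-MM-DD.md`." and the closing "also update `MEMORY.md`" still read as unconditional instructions; the latter mentions private sessions but not the explicit opt-in. Qualify both so no memory write path can be read as required. The new redaction line also sits in tension with "and all commands executed" in the summary contents, because command lines routinely contain the usernames, hostnames, IPs and service names it lists; state that redaction applies to the recorded commands as well, and that the same redaction applies to `MEMORY.md` entries such as "allowed ports".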