# Send Feelgoodbot to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "feelgoodbot",
    "name": "Feelgoodbot",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/kris-hansen/feelgoodbot",
    "canonicalUrl": "https://clawhub.ai/kris-hansen/feelgoodbot",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/feelgoodbot",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=feelgoodbot",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md",
      "scripts/setup.sh"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "feelgoodbot",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T07:06:57.021Z",
      "expiresAt": "2026-05-06T07:06:57.021Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=feelgoodbot",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=feelgoodbot",
        "contentDisposition": "attachment; filename=\"feelgoodbot-1.1.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "feelgoodbot"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/feelgoodbot"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/feelgoodbot",
    "downloadUrl": "https://openagent3.xyz/downloads/feelgoodbot",
    "agentUrl": "https://openagent3.xyz/skills/feelgoodbot/agent",
    "manifestUrl": "https://openagent3.xyz/skills/feelgoodbot/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/feelgoodbot/agent.md"
  }
}
```
## Documentation

### feelgoodbot 🛡️

Pronounced "Feel good, bot"

macOS file integrity monitor + TOTP step-up authentication for AI agents.

GitHub: https://github.com/kris-hansen/feelgoodbot

⭐ If you find this useful, please star the repo! It helps others discover it.

### Features

File Integrity Monitoring — Detects tampering of system files
TOTP Step-Up Auth — Requires OTP for sensitive agent actions

### Requirements

Go 1.21+ — Install with brew install go
macOS — Uses launchd for daemon

### Quick Setup

# Install via go install
go install github.com/kris-hansen/feelgoodbot/cmd/feelgoodbot@latest

# Initialize baseline snapshot
feelgoodbot init

# Install and start daemon
feelgoodbot daemon install
feelgoodbot daemon start

# Check it's running
feelgoodbot status

### Clawdbot Integration (Alerts)

Enable webhooks:

clawdbot config set hooks.enabled true
clawdbot config set hooks.token "$(openssl rand -base64 32)"
clawdbot gateway restart

Configure ~/.config/feelgoodbot/config.yaml:

scan_interval: 5m
alerts:
  clawdbot:
    enabled: true
    webhook: "http://127.0.0.1:18789/hooks/wake"
    secret: "<hooks.token from clawdbot config get hooks.token>"
  local_notification: true

### What It Monitors

System binaries (/usr/bin, /usr/sbin)
Launch daemons/agents (persistence mechanisms)
SSH authorized_keys, sudoers, PAM
Shell configs (.zshrc, .bashrc)
Browser extensions
AI agent configs (Claude, Cursor)

### Part 2: TOTP Step-Up Authentication

Step-up auth requires the user to enter an OTP code from Google Authenticator before the agent can perform sensitive actions.

### Setup (User runs in terminal)

# Initialize TOTP (shows QR code to scan)
feelgoodbot totp init --account "user@feelgoodbot"

# Verify it works
feelgoodbot totp verify

# Check status
feelgoodbot totp status

### Configure Protected Actions

# List current protected actions
feelgoodbot totp actions list

# Add actions that require step-up
feelgoodbot totp actions add "send_email"
feelgoodbot totp actions add "payment:*"
feelgoodbot totp actions add "delete:*"
feelgoodbot totp actions add "ssh:*"
feelgoodbot totp actions add "publish:*"
feelgoodbot totp actions add "gateway:*"
feelgoodbot totp actions add "voice_call:*"
feelgoodbot totp actions add "message:external"

# Remove an action
feelgoodbot totp actions remove "send_email"

### TOTP Commands

CommandDescriptionfeelgoodbot totp initSet up TOTP with QR codefeelgoodbot totp verify [code]Test a codefeelgoodbot totp statusShow TOTP status and sessionfeelgoodbot totp check <action>Check if action needs step-up, prompt if neededfeelgoodbot totp resetRemove TOTP config (requires code)feelgoodbot totp backup showShow remaining backup codesfeelgoodbot totp backup regenerateGenerate new backup codesfeelgoodbot totp actions listList protected actionsfeelgoodbot totp actions add <action>Add protected actionfeelgoodbot totp actions remove <action>Remove protected actionfeelgoodbot totp respond <code>Submit OTP response (for async flow)

### Session Caching

After successful authentication, a session is cached for 15 minutes (configurable). Subsequent actions within this window don't require re-authentication.

### Agent Integration (IMPORTANT)

Before performing any sensitive action, the agent MUST check step-up requirements.

### Action Mapping

Map your intended actions to step-up patterns:

Agent ActionStep-Up PatternSending emailsend_emailMaking paymentspayment:*Deleting filesdelete:*SSH/remote accessssh:*Publishing codepublish:*Modifying Clawdbot configgateway:*Making phone callsvoice_call:*Messaging external contactsmessage:externalModifying step-up configconfig:update

### Step-Up Check Flow

Before executing a sensitive action:

# Check if action requires step-up (non-interactive check)
feelgoodbot totp check <action>
# Exit code 0 = proceed, Exit code 1 = denied/not authenticated

If session is valid: Command succeeds immediately (exit 0)

If step-up required and no session:

Agent sends Telegram message: "🔐 Action <action> requires step-up. Reply with your OTP code."
Wait for user to reply with 6-digit code
Validate: feelgoodbot totp verify <code>
If valid, create session and proceed
If invalid, deny action and notify user

### Example Agent Flow (Pseudocode)

function performSensitiveAction(action, execute_fn):
    # Check step-up requirement
    result = exec("feelgoodbot totp check " + action)
    
    if result.exit_code == 0:
        # Session valid or action not protected
        execute_fn()
        return success
    
    # Need to prompt user
    send_telegram("🔐 Action '{action}' requires step-up authentication.\\nReply with your OTP code from Google Authenticator.")
    
    code = wait_for_user_reply(timeout=120s)
    
    if code is None:
        send_telegram("⏰ Step-up authentication timed out. Action cancelled.")
        return denied
    
    # Validate the code
    valid = exec("feelgoodbot totp verify " + code)
    
    if valid.exit_code != 0:
        send_telegram("❌ Invalid code. Action cancelled.")
        return denied
    
    # Create session by running check again (it will pass now)
    exec("feelgoodbot totp check " + action)
    
    execute_fn()
    send_telegram("✅ Action completed.")
    return success

### Quick Reference for Agent

Check before these actions:

send_email — Before sending any email
payment:* — Before any financial transaction
delete:* — Before deleting files (delete:file, delete:backup, etc.)
ssh:* — Before SSH connections
publish:* — Before publishing/deploying
gateway:* — Before modifying Clawdbot config
voice_call:* — Before making phone calls
message:external — Before messaging non-owner contacts
config:update — Before modifying step-up config

Commands to use:

# Check and prompt (interactive)
feelgoodbot totp check send_email

# Just validate a code
feelgoodbot totp verify 123456

# Check session status
feelgoodbot totp status

### File Locations

FilePurpose~/.config/feelgoodbot/config.yamlMain config~/.config/feelgoodbot/totp.jsonTOTP secret + backup codes~/.config/feelgoodbot/stepup-config.jsonProtected actions~/.config/feelgoodbot/totp-sessionSession cache~/.config/feelgoodbot/snapshots/File integrity baselines~/.config/feelgoodbot/daemon.logDaemon logs

### Troubleshooting

TOTP code always invalid:

Check system clock is accurate (date)
Ensure you're using the correct authenticator entry
Try a backup code

Step-up not prompting:

Verify action is in protected list: feelgoodbot totp actions list
Check TOTP is initialized: feelgoodbot totp status

Reset everything:

# Reset TOTP (requires valid code or backup code)
feelgoodbot totp reset

# Or manually remove (loses access without backup codes!)
rm ~/.config/feelgoodbot/totp.json
rm ~/.config/feelgoodbot/totp-session

⭐ Like feelgoodbot? Star it on GitHub: https://github.com/kris-hansen/feelgoodbot
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: kris-hansen
- Version: 1.1.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T07:06:57.021Z
- Expires at: 2026-05-06T07:06:57.021Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/feelgoodbot)
- [Send to Agent page](https://openagent3.xyz/skills/feelgoodbot/agent)
- [JSON manifest](https://openagent3.xyz/skills/feelgoodbot/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/feelgoodbot/agent.md)
- [Download page](https://openagent3.xyz/downloads/feelgoodbot)