{ "schemaVersion": "1.0", "item": { "slug": "safety-checks", "name": "Safety Checks", "source": "tencent", "type": "skill", "category": "其他", "sourceUrl": "https://clawhub.ai/leegitw/safety-checks", "canonicalUrl": "https://clawhub.ai/leegitw/safety-checks", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/safety-checks", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=safety-checks", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/safety-checks" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/safety-checks", "agentPageUrl": "https://openagent3.xyz/skills/safety-checks/agent", "manifestUrl": "https://openagent3.xyz/skills/safety-checks/agent.json", "briefUrl": "https://openagent3.xyz/skills/safety-checks/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "safety-checks (安全)", "body": "Unified skill for runtime safety verification including model version pinning,\nfallback chain validation, cache staleness detection, and cross-session state checks.\nConsolidates 4 granular skills into a single safety verification suite.\n\nTrigger: 事前検証 (pre-flight) or HEARTBEAT\n\nSource skills: model-pinner, fallback-checker, cache-validator, cross-session-safety-check (from extensions)" }, { "title": "Installation", "body": "openclaw install leegitw/safety-checks\n\nDependencies: leegitw/constraint-engine (for enforcement integration)\n\n# Install with dependencies\nopenclaw install leegitw/context-verifier\nopenclaw install leegitw/failure-memory\nopenclaw install leegitw/constraint-engine\nopenclaw install leegitw/safety-checks\n\nStandalone usage: Model pinning and cache checks work independently.\nFull integration with constraint enforcement requires constraint-engine.\n\nData handling: This skill performs local-only operations. All checks (model version comparison,\ncache age verification, file lock detection) are local file/metadata operations — no data is sent\nto any model, API, or external service. Results are written to output/safety/ in your workspace." }, { "title": "What This Solves", "body": "AI systems can silently degrade — model versions drift, caches go stale, sessions accumulate state. This skill catches these issues before they cause problems:\n\nModel pinning — verify you're using the model you expect\nFallback validation — ensure degraded-mode paths exist and work\nCache checks — detect stale or corrupted cached data\nSession hygiene — identify cross-session state contamination\n\nThe insight: Runtime verification catches what static rules miss. Check the system state, not just the configuration." }, { "title": "Usage", "body": "/sc [arguments]" }, { "title": "Sub-Commands", "body": "CommandCJKLogicTrigger/sc model機種model.version→pinned✓∨drift✗HEARTBEAT/sc fallback代替chain.exists→safe✓∨missing✗HEARTBEAT/sc cache快取response.age>TTL→stale✗HEARTBEAT/sc session会話cross_session.state→clean✓∨interference✗HEARTBEAT" }, { "title": "/sc model", "body": "ArgumentRequiredDescription--expectedNoExpected model version (default: from config)--strictNoFail on any version mismatch" }, { "title": "/sc fallback", "body": "ArgumentRequiredDescription--chainNoSpecific fallback chain to check in config\n\nNote: This command validates that fallback configurations exist in your config file.\nIt does NOT make network calls or test actual connectivity. It's a config file audit." }, { "title": "/sc cache", "body": "ArgumentRequiredDescription--ttlNoTTL in seconds (default: 3600)--clearNoClear stale cache entries" }, { "title": "/sc session", "body": "ArgumentRequiredDescription--check-stateNoCheck for state leakage between sessions--clear-stateNoClear any leaked state" }, { "title": "Configuration", "body": "Configuration is loaded from (in order of precedence):\n\n.openclaw/safety-checks.yaml (OpenClaw standard)\n.claude/safety-checks.yaml (Claude Code compatibility)\nDefaults (built-in)" }, { "title": "Model Version Pinning", "body": "Ensures AI model version matches expected configuration.\n\nHow it works: This skill compares the model version reported in your agent's session\nmetadata (e.g., the model name in API responses or agent headers) against the expected\nversion in your config file. It does NOT call the model API to check — it reads the\nversion string that your agent runtime already exposes.\n\nModel version format: {provider}-{model}-{version}-{date}\n\nExamples:\n\nanthropic-opus-4-5-20251101\nopenai-gpt-4-turbo-20250301\ngoogle-gemini-2-pro-20260101\n\n# .openclaw/safety-checks.yaml\nmodel:\n expected: \"anthropic-opus-4-5-20251101\" # Provider-neutral format\n strict: true\n\nConditionResultVersion matches✓ PinnedVersion differs, strict=false⚠ WarningVersion differs, strict=true✗ Fail" }, { "title": "Fallback Chain Validation", "body": "Config audit only — verifies fallback entries exist in your config file. This does NOT\nmake network calls or test actual connectivity.\n\nChecks that your safety-checks.yaml declares fallback configurations:\n\n# Example config entries this command validates exist:\nfallbacks:\n model: [\"primary-model\", \"fallback-model\", \"cached\"]\n storage: [\"primary-path\", \"backup-path\"]\n\nCheckWhat It ValidatesModel fallbacksConfig lists alternative modelsStorage fallbacksConfig lists backup paths" }, { "title": "Cache Staleness Detection", "body": "Prevents use of outdated cached data:\n\nAgeTTLStatus< TTLAny✓ Fresh> TTLNot critical⚠ Stale warning> TTLCritical✗ Stale fail" }, { "title": "Cross-Session State", "body": "Detects state leakage between sessions:\n\nCheckExact File CheckedRiskFile locks.openclaw/safety-checks.lockResource contentionWorkspace temp filesoutput/safety/temp-*Disk exhaustionSkill config.openclaw/safety-checks.yaml valuesConfiguration drift\n\nScope: Checks are limited to this skill's own files only. This skill does NOT scan\ndirectories, does NOT read other skills' config files, and does NOT access files outside\nthe specific paths listed above." }, { "title": "/sc model output (pinned)", "body": "[MODEL CHECK]\nStatus: ✓ PINNED\n\nExpected: anthropic-opus-4-5-20251101\nActual: anthropic-opus-4-5-20251101\n\nModel version matches configuration." }, { "title": "/sc model output (drift)", "body": "[MODEL CHECK]\nStatus: ✗ VERSION DRIFT\n\nExpected: anthropic-opus-4-5-20251101\nActual: anthropic-opus-4-5-20251201\n\nWARNING: Model version has changed.\nThis may affect behavior consistency.\n\nAction: Update expected version in settings, or investigate change." }, { "title": "/sc fallback output", "body": "[FALLBACK CHECK]\nStatus: ✓ CONFIGURED\n\nConfig file: .openclaw/safety-checks.yaml\n\nFallback entries found:\n ✓ model.fallbacks: 3 entries defined\n ✓ storage.fallbacks: 2 entries defined\n\nNote: This validates config entries exist, not actual connectivity.\n ✓ Tertiary (memory) - 4GB free" }, { "title": "/sc cache output", "body": "[CACHE CHECK]\nStatus: ⚠ STALE ENTRIES FOUND\n\nCache Statistics:\n Total entries: 156\n Fresh (< 1h): 142\n Stale (> 1h): 14\n Critical stale: 0\n\nStale entries:\n - api_response_auth (age: 2h 15m)\n - user_preferences (age: 1h 30m)\n - ...\n\nAction: Run /sc cache --clear to remove stale entries." }, { "title": "/sc session output (clean)", "body": "[SESSION CHECK]\nStatus: ✓ CLEAN\n\nNo cross-session interference detected.\n\nChecks passed:\n ✓ No stale lock file (.openclaw/safety-checks.lock)\n ✓ No orphan temp files (output/safety/temp-*)\n ✓ Config file valid (.openclaw/safety-checks.yaml)" }, { "title": "/sc session output (interference)", "body": "[SESSION CHECK]\nStatus: ✗ INTERFERENCE DETECTED\n\nIssues found:\n\n1. Stale file lock:\n File: .openclaw/safety-checks.lock\n Owner: PID 12345 (not running)\n Action: Remove lock with /sc session --clear-state\n\n2. Orphan temp files (3):\n output/safety/temp-*.log\n Age: > 24 hours\n Action: Remove with /sc session --clear-state\n\nRun /sc session --clear-state to remediate." }, { "title": "Integration", "body": "Layer: Safety\nDepends on: constraint-engine (for enforcement integration)\nUsed by: constraint-engine (for pre-action safety checks), governance (for health monitoring)" }, { "title": "Failure Modes", "body": "ConditionBehaviorInvalid sub-commandList available sub-commandsConfig not foundUse defaults, warn userNetwork unavailableSkip remote checks, warnPermission deniedError with remediation steps" }, { "title": "Next Steps", "body": "After invoking this skill:\n\nConditionActionModel driftAlert user, suggest config updateFallback missingAlert user, suggest setupCache staleOffer to clear, or auto-clear if configuredSession interferenceClear state, log incident" }, { "title": "Workspace Files", "body": "This skill reads/writes only within declared paths:\n\n.openclaw/\n├── safety-checks.yaml # Primary config (read)\n└── cache/\n └── staleness.log # Cache check history (read/write)\n\n.claude/\n└── safety-checks.yaml # Claude Code config (read)\n\noutput/\n└── safety/\n ├── model-checks.log # Model version history (write)\n ├── fallback-tests.log # Fallback test results (write)\n └── session-state.log # Session state log (write)\n\nNote: This skill does NOT read .claude/settings.json or any other tool's configuration." }, { "title": "HEARTBEAT Integration", "body": "These checks should run periodically via HEARTBEAT:\n\n## P1: Critical (Every Session)\n- [ ] Model version pinned? → /sc model\n- [ ] Session state clean? → /sc session\n\n## P2: Important (Weekly)\n- [ ] Fallback chains healthy? → /sc fallback\n- [ ] Cache fresh? → /sc cache" }, { "title": "Model Drift Detection", "body": "/sc model --strict\n[MODEL CHECK]\nStatus: ⚠ VERSION DRIFT\n\nExpected: anthropic-opus-4-5-20251101\nActual: anthropic-opus-4-5-20260101\n\nModel version changed. Review CHANGELOG for behavior changes." }, { "title": "Cache Cleanup", "body": "/sc cache --clear\n[CACHE CHECK]\nStatus: ✓ CLEANED\n\nRemoved 14 stale entries from .openclaw/cache/\nFreed: 2.3 MB" }, { "title": "Security Considerations", "body": "Local-only processing: All safety checks are local file and metadata operations. No data is\nsent to any LLM, API, or external service. The \"agent's model\" is only used to interpret your\ncommands — not to process or transmit your data.\n\nExact files accessed (read):\n\n.openclaw/safety-checks.yaml — your skill configuration\n.claude/safety-checks.yaml — alternate config location\n.openclaw/cache/staleness.log — cache check history (if exists)\n\nExact files written:\n\noutput/safety/*.log — check results and history\n\nThis skill does NOT scan directories or read other skills' config files.\n\nWhat this skill does NOT access:\n\nOther skills' configuration files\nSystem environment variables\n.claude/settings.json or other tool configs\nAny files outside the three config paths listed above\nNetwork resources or external APIs\n\nWhat this skill does NOT do:\n\nSend data to any model or external service\nModify files outside output/safety/\nExecute arbitrary code\n\nData handling:\n\nAll checks are read-only except for --clear operations on its own cache/output\nResults are written to output/safety/ only\nNo data leaves the local machine\n\nModel version clarification:\nThe /sc model command compares the expected version in your config against the model\nversion string reported by your agent runtime (e.g., in session metadata or API headers).\nIt does NOT make API calls to verify the model — it reads information your agent already has.\n\nProvenance note:\nThis skill is developed by Live Neon (https://github.com/live-neon/skills) and published\nto ClawHub under the leegitw account. Both refer to the same maintainer." }, { "title": "Acceptance Criteria", "body": "/sc model verifies model version matches config\n /sc model warns or fails on version drift based on strict setting\n /sc fallback verifies fallback config entries exist in config file\n /sc cache detects entries older than TTL\n /sc cache --clear removes stale entries\n /sc session detects cross-session state leakage\n /sc session --clear-state remediates found issues\n All checks integrated with HEARTBEAT\n\nConsolidated from 4 skills as part of agentic skills consolidation (2026-02-15)." } ], "body": "safety-checks (安全)\n\nUnified skill for runtime safety verification including model version pinning, fallback chain validation, cache staleness detection, and cross-session state checks. Consolidates 4 granular skills into a single safety verification suite.\n\nTrigger: 事前検証 (pre-flight) or HEARTBEAT\n\nSource skills: model-pinner, fallback-checker, cache-validator, cross-session-safety-check (from extensions)\n\nInstallation\nopenclaw install leegitw/safety-checks\n\n\nDependencies: leegitw/constraint-engine (for enforcement integration)\n\n# Install with dependencies\nopenclaw install leegitw/context-verifier\nopenclaw install leegitw/failure-memory\nopenclaw install leegitw/constraint-engine\nopenclaw install leegitw/safety-checks\n\n\nStandalone usage: Model pinning and cache checks work independently. Full integration with constraint enforcement requires constraint-engine.\n\nData handling: This skill performs local-only operations. All checks (model version comparison, cache age verification, file lock detection) are local file/metadata operations — no data is sent to any model, API, or external service. Results are written to output/safety/ in your workspace.\n\nWhat This Solves\n\nAI systems can silently degrade — model versions drift, caches go stale, sessions accumulate state. This skill catches these issues before they cause problems:\n\nModel pinning — verify you're using the model you expect\nFallback validation — ensure degraded-mode paths exist and work\nCache checks — detect stale or corrupted cached data\nSession hygiene — identify cross-session state contamination\n\nThe insight: Runtime verification catches what static rules miss. Check the system state, not just the configuration.\n\nUsage\n/sc [arguments]\n\nSub-Commands\nCommand\tCJK\tLogic\tTrigger\n/sc model\t機種\tmodel.version→pinned✓∨drift✗\tHEARTBEAT\n/sc fallback\t代替\tchain.exists→safe✓∨missing✗\tHEARTBEAT\n/sc cache\t快取\tresponse.age>TTL→stale✗\tHEARTBEAT\n/sc session\t会話\tcross_session.state→clean✓∨interference✗\tHEARTBEAT\nArguments\n/sc model\nArgument\tRequired\tDescription\n--expected\tNo\tExpected model version (default: from config)\n--strict\tNo\tFail on any version mismatch\n/sc fallback\nArgument\tRequired\tDescription\n--chain\tNo\tSpecific fallback chain to check in config\n\nNote: This command validates that fallback configurations exist in your config file. It does NOT make network calls or test actual connectivity. It's a config file audit.\n\n/sc cache\nArgument\tRequired\tDescription\n--ttl\tNo\tTTL in seconds (default: 3600)\n--clear\tNo\tClear stale cache entries\n/sc session\nArgument\tRequired\tDescription\n--check-state\tNo\tCheck for state leakage between sessions\n--clear-state\tNo\tClear any leaked state\nConfiguration\n\nConfiguration is loaded from (in order of precedence):\n\n.openclaw/safety-checks.yaml (OpenClaw standard)\n.claude/safety-checks.yaml (Claude Code compatibility)\nDefaults (built-in)\nCore Logic\nModel Version Pinning\n\nEnsures AI model version matches expected configuration.\n\nHow it works: This skill compares the model version reported in your agent's session metadata (e.g., the model name in API responses or agent headers) against the expected version in your config file. It does NOT call the model API to check — it reads the version string that your agent runtime already exposes.\n\nModel version format: {provider}-{model}-{version}-{date}\n\nExamples:\n\nanthropic-opus-4-5-20251101\nopenai-gpt-4-turbo-20250301\ngoogle-gemini-2-pro-20260101\n# .openclaw/safety-checks.yaml\nmodel:\n expected: \"anthropic-opus-4-5-20251101\" # Provider-neutral format\n strict: true\n\nCondition\tResult\nVersion matches\t✓ Pinned\nVersion differs, strict=false\t⚠ Warning\nVersion differs, strict=true\t✗ Fail\nFallback Chain Validation\n\nConfig audit only — verifies fallback entries exist in your config file. This does NOT make network calls or test actual connectivity.\n\nChecks that your safety-checks.yaml declares fallback configurations:\n\n# Example config entries this command validates exist:\nfallbacks:\n model: [\"primary-model\", \"fallback-model\", \"cached\"]\n storage: [\"primary-path\", \"backup-path\"]\n\nCheck\tWhat It Validates\nModel fallbacks\tConfig lists alternative models\nStorage fallbacks\tConfig lists backup paths\nCache Staleness Detection\n\nPrevents use of outdated cached data:\n\nAge\tTTL\tStatus\n< TTL\tAny\t✓ Fresh\n> TTL\tNot critical\t⚠ Stale warning\n> TTL\tCritical\t✗ Stale fail\nCross-Session State\n\nDetects state leakage between sessions:\n\nCheck\tExact File Checked\tRisk\nFile locks\t.openclaw/safety-checks.lock\tResource contention\nWorkspace temp files\toutput/safety/temp-*\tDisk exhaustion\nSkill config\t.openclaw/safety-checks.yaml values\tConfiguration drift\n\nScope: Checks are limited to this skill's own files only. This skill does NOT scan directories, does NOT read other skills' config files, and does NOT access files outside the specific paths listed above.\n\nOutput\n/sc model output (pinned)\n[MODEL CHECK]\nStatus: ✓ PINNED\n\nExpected: anthropic-opus-4-5-20251101\nActual: anthropic-opus-4-5-20251101\n\nModel version matches configuration.\n\n/sc model output (drift)\n[MODEL CHECK]\nStatus: ✗ VERSION DRIFT\n\nExpected: anthropic-opus-4-5-20251101\nActual: anthropic-opus-4-5-20251201\n\nWARNING: Model version has changed.\nThis may affect behavior consistency.\n\nAction: Update expected version in settings, or investigate change.\n\n/sc fallback output\n[FALLBACK CHECK]\nStatus: ✓ CONFIGURED\n\nConfig file: .openclaw/safety-checks.yaml\n\nFallback entries found:\n ✓ model.fallbacks: 3 entries defined\n ✓ storage.fallbacks: 2 entries defined\n\nNote: This validates config entries exist, not actual connectivity.\n ✓ Tertiary (memory) - 4GB free\n\n/sc cache output\n[CACHE CHECK]\nStatus: ⚠ STALE ENTRIES FOUND\n\nCache Statistics:\n Total entries: 156\n Fresh (< 1h): 142\n Stale (> 1h): 14\n Critical stale: 0\n\nStale entries:\n - api_response_auth (age: 2h 15m)\n - user_preferences (age: 1h 30m)\n - ...\n\nAction: Run /sc cache --clear to remove stale entries.\n\n/sc session output (clean)\n[SESSION CHECK]\nStatus: ✓ CLEAN\n\nNo cross-session interference detected.\n\nChecks passed:\n ✓ No stale lock file (.openclaw/safety-checks.lock)\n ✓ No orphan temp files (output/safety/temp-*)\n ✓ Config file valid (.openclaw/safety-checks.yaml)\n\n/sc session output (interference)\n[SESSION CHECK]\nStatus: ✗ INTERFERENCE DETECTED\n\nIssues found:\n\n1. Stale file lock:\n File: .openclaw/safety-checks.lock\n Owner: PID 12345 (not running)\n Action: Remove lock with /sc session --clear-state\n\n2. Orphan temp files (3):\n output/safety/temp-*.log\n Age: > 24 hours\n Action: Remove with /sc session --clear-state\n\nRun /sc session --clear-state to remediate.\n\nIntegration\nLayer: Safety\nDepends on: constraint-engine (for enforcement integration)\nUsed by: constraint-engine (for pre-action safety checks), governance (for health monitoring)\nFailure Modes\nCondition\tBehavior\nInvalid sub-command\tList available sub-commands\nConfig not found\tUse defaults, warn user\nNetwork unavailable\tSkip remote checks, warn\nPermission denied\tError with remediation steps\nNext Steps\n\nAfter invoking this skill:\n\nCondition\tAction\nModel drift\tAlert user, suggest config update\nFallback missing\tAlert user, suggest setup\nCache stale\tOffer to clear, or auto-clear if configured\nSession interference\tClear state, log incident\nWorkspace Files\n\nThis skill reads/writes only within declared paths:\n\n.openclaw/\n├── safety-checks.yaml # Primary config (read)\n└── cache/\n └── staleness.log # Cache check history (read/write)\n\n.claude/\n└── safety-checks.yaml # Claude Code config (read)\n\noutput/\n└── safety/\n ├── model-checks.log # Model version history (write)\n ├── fallback-tests.log # Fallback test results (write)\n └── session-state.log # Session state log (write)\n\n\nNote: This skill does NOT read .claude/settings.json or any other tool's configuration.\n\nHEARTBEAT Integration\n\nThese checks should run periodically via HEARTBEAT:\n\n## P1: Critical (Every Session)\n- [ ] Model version pinned? → /sc model\n- [ ] Session state clean? → /sc session\n\n## P2: Important (Weekly)\n- [ ] Fallback chains healthy? → /sc fallback\n- [ ] Cache fresh? → /sc cache\n\nExamples\nModel Drift Detection\n/sc model --strict\n[MODEL CHECK]\nStatus: ⚠ VERSION DRIFT\n\nExpected: anthropic-opus-4-5-20251101\nActual: anthropic-opus-4-5-20260101\n\nModel version changed. Review CHANGELOG for behavior changes.\n\nCache Cleanup\n/sc cache --clear\n[CACHE CHECK]\nStatus: ✓ CLEANED\n\nRemoved 14 stale entries from .openclaw/cache/\nFreed: 2.3 MB\n\nSecurity Considerations\n\nLocal-only processing: All safety checks are local file and metadata operations. No data is sent to any LLM, API, or external service. The \"agent's model\" is only used to interpret your commands — not to process or transmit your data.\n\nExact files accessed (read):\n\n.openclaw/safety-checks.yaml — your skill configuration\n.claude/safety-checks.yaml — alternate config location\n.openclaw/cache/staleness.log — cache check history (if exists)\n\nExact files written:\n\noutput/safety/*.log — check results and history\n\nThis skill does NOT scan directories or read other skills' config files.\n\nWhat this skill does NOT access:\n\nOther skills' configuration files\nSystem environment variables\n.claude/settings.json or other tool configs\nAny files outside the three config paths listed above\nNetwork resources or external APIs\n\nWhat this skill does NOT do:\n\nSend data to any model or external service\nModify files outside output/safety/\nExecute arbitrary code\n\nData handling:\n\nAll checks are read-only except for --clear operations on its own cache/output\nResults are written to output/safety/ only\nNo data leaves the local machine\n\nModel version clarification: The /sc model command compares the expected version in your config against the model version string reported by your agent runtime (e.g., in session metadata or API headers). It does NOT make API calls to verify the model — it reads information your agent already has.\n\nProvenance note: This skill is developed by Live Neon (https://github.com/live-neon/skills) and published to ClawHub under the leegitw account. Both refer to the same maintainer.\n\nAcceptance Criteria\n /sc model verifies model version matches config\n /sc model warns or fails on version drift based on strict setting\n /sc fallback verifies fallback config entries exist in config file\n /sc cache detects entries older than TTL\n /sc cache --clear removes stale entries\n /sc session detects cross-session state leakage\n /sc session --clear-state remediates found issues\n All checks integrated with HEARTBEAT\n\nConsolidated from 4 skills as part of agentic skills consolidation (2026-02-15)." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/leegitw/safety-checks", "publisherUrl": "https://clawhub.ai/leegitw/safety-checks", "owner": "leegitw", "version": "1.5.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/safety-checks", "downloadUrl": "https://openagent3.xyz/downloads/safety-checks", "agentUrl": "https://openagent3.xyz/skills/safety-checks/agent", "manifestUrl": "https://openagent3.xyz/skills/safety-checks/agent.json", "briefUrl": "https://openagent3.xyz/skills/safety-checks/agent.md" } }