{ "schemaVersion": "1.0", "item": { "slug": "system-health-check", "name": "System Health Check", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/satoshistackalotto/system-health-check", "canonicalUrl": "https://clawhub.ai/satoshistackalotto/system-health-check", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/system-health-check", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=system-health-check", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "EVALS.json", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/system-health-check" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/system-health-check", "agentPageUrl": "https://openagent3.xyz/skills/system-health-check/agent", "manifestUrl": "https://openagent3.xyz/skills/system-health-check/agent.json", "briefUrl": "https://openagent3.xyz/skills/system-health-check/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "System Health Check", "body": "This skill validates the entire OpenClaw Greek Accounting system in a single command. It checks skill file integrity, directory structure, file permissions, required dependencies, backup freshness, encryption status, and process lock health. Designed to run daily via cron or manually before critical operations." }, { "title": "Setup", "body": "export OPENCLAW_DATA_DIR=\"/data\"\nwhich jq openssl || sudo apt install jq openssl\n\nRead-only validation skill. Checks file presence, directory structure, permissions, and backup freshness. Never modifies any data." }, { "title": "Core Philosophy", "body": "Fast & Non-Destructive: Read-only checks — never modifies any data\nComprehensive: Covers every layer from skill files to encryption status\nActionable Output: Every failure includes a specific remediation command\nCron-Friendly: Exit code 0 for all-pass, exit code 1 for any failure\nEnglish Output: Plain English report suitable for accounting assistants and system admins" }, { "title": "Full Health Check", "body": "# Run all checks\nopenclaw health-check --all\n\n# Run all checks with verbose output\nopenclaw health-check --all --verbose\n\n# Run all checks and write report to /data/reports/system/\nopenclaw health-check --all --save-report" }, { "title": "Individual Check Categories", "body": "# Check skill files only\nopenclaw health-check --skills\n\n# Check directory structure against canonical data map\nopenclaw health-check --directories\n\n# Check file permissions on sensitive directories\nopenclaw health-check --permissions\n\n# Check required binaries and dependencies\nopenclaw health-check --dependencies\n\n# Check backup freshness and integrity\nopenclaw health-check --backups\n\n# Check for stale process locks\nopenclaw health-check --locks\n\n# Check encryption status on sensitive directories\nopenclaw health-check --encryption\n\n# Check data integrity hashes\nopenclaw health-check --integrity" }, { "title": "Scheduled Checks", "body": "# Quick check — skills + directories + locks (for hourly cron)\nopenclaw health-check --quick\n\n# Standard check — everything except full integrity hash verification (for daily cron)\nopenclaw health-check --standard\n\n# Deep check — all checks including full hash verification (for weekly cron)\nopenclaw health-check --deep" }, { "title": "1. Skill File Validation", "body": "Verifies all 19 operational skills and the canonical data map are present and well-formed.\n\nSkill_File_Checks:\n presence:\n description: \"Every skill folder contains a SKILL.md file\"\n expected_count: 20\n check: \"ls skills/*/SKILL.md\"\n \n frontmatter:\n description: \"Every SKILL.md has valid YAML frontmatter with required fields\"\n required_fields: [\"name\", \"description\", \"version\", \"author\", \"tags\", \"metadata\"]\n check: \"Parse frontmatter block between --- delimiters\"\n \n evals:\n description: \"Every operational skill has an EVALS.json file\"\n expected_count: 19\n excluded: [\"canonical-data-map\"]\n check: \"ls skills/*/EVALS.json, validate JSON syntax\"\n \n evals_content:\n description: \"Each EVALS.json contains at least 5 test cases\"\n minimum_cases: 5\n check: \"Parse JSON, count array length\"\n\n skill_inventory:\n - \"canonical-data-map\"\n - \"accounting-workflows\"\n - \"greek-compliance-aade\"\n - \"cli-deadline-monitor\"\n - \"greek-email-processor\"\n - \"greek-individual-taxes\"\n - \"openclaw-greek-accounting-meta\"\n - \"aade-api-monitor\"\n - \"greek-banking-integration\"\n - \"greek-document-ocr\"\n - \"efka-api-integration\"\n - \"dashboard-greek-accounting\"\n - \"client-data-management\"\n - \"user-authentication-system\"\n - \"conversational-ai-assistant\"\n - \"greek-financial-statements\"\n - \"client-communication-engine\"\n - \"system-integrity-and-backup\"\n - \"analytics-and-advisory-intelligence\"\n - \"memory-feedback\"" }, { "title": "2. Directory Structure Validation", "body": "Checks all canonical directories exist under /data/ as specified in the canonical data map (Skill 00).\n\nDirectory_Checks:\n top_level:\n required:\n - \"/data/incoming/\"\n - \"/data/processing/\"\n - \"/data/clients/\"\n - \"/data/compliance/\"\n - \"/data/banking/\"\n - \"/data/ocr/\"\n - \"/data/efka/\"\n - \"/data/reports/\"\n - \"/data/exports/\"\n - \"/data/imports/\"\n - \"/data/dashboard/\"\n - \"/data/auth/\"\n - \"/data/backups/\"\n - \"/data/gdpr-exports/\"\n - \"/data/memory/\"\n - \"/data/system/\"\n\n subdirectories:\n incoming:\n - \"/data/incoming/invoices/\"\n - \"/data/incoming/receipts/\"\n - \"/data/incoming/statements/\"\n - \"/data/incoming/government/\"\n - \"/data/incoming/payroll/\"\n - \"/data/incoming/tax-documents/\"\n - \"/data/incoming/contracts/\"\n - \"/data/incoming/other/\"\n processing:\n - \"/data/processing/ocr/\"\n - \"/data/processing/classification/\"\n - \"/data/processing/reconciliation/\"\n - \"/data/processing/compliance/\"\n system:\n - \"/data/system/logs/\"\n - \"/data/system/logs/audit/\"\n - \"/data/system/process-locks/\"\n - \"/data/system/integrity/\"\n\n unexpected_directories:\n description: \"Flag any top-level directory under /data/ not in the canonical map\"\n action: \"WARN — may indicate a skill creating non-canonical paths\"" }, { "title": "3. File Permission Checks", "body": "Validates OS-level file permissions on sensitive directories.\n\nPermission_Checks:\n restricted_directories:\n - path: \"/data/auth/\"\n expected_mode: \"700\"\n description: \"Auth directory must be restricted to service user\"\n - path: \"/data/auth/users/*/credentials.json\"\n expected_mode: \"600\"\n description: \"Credential files must not be world-readable\"\n \n sensitive_directories:\n - path: \"/data/clients/\"\n expected_mode: \"700\"\n description: \"Client data directory should be restricted\"\n - path: \"/data/backups/\"\n expected_mode: \"700\"\n description: \"Backup directory should be restricted\"\n \n note: \"Permission checks may report SKIP on systems where the OpenClaw agent runs as root or in a container without OS-level permission enforcement.\"" }, { "title": "4. Dependency Checks", "body": "Verifies required binaries and environment variables are available.\n\nDependency_Checks:\n required_binaries:\n - name: \"jq\"\n check: \"which jq\"\n used_by: \"All skills — JSON processing\"\n - name: \"curl\"\n check: \"which curl\"\n used_by: \"AADE monitor, email processor, EFKA, memory-feedback\"\n - name: \"openssl\"\n check: \"which openssl\"\n used_by: \"System integrity, backup encryption\"\n\n required_env_vars:\n - name: \"OPENCLAW_DATA_DIR\"\n description: \"Root data directory path\"\n default: \"/data/\"\n \n optional_env_vars:\n - name: \"OPENCLAW_ENCRYPTION_KEY\"\n description: \"Master encryption key for data-at-rest\"\n warn_if_missing: true\n - name: \"GITHUB_TOKEN\"\n description: \"GitHub PAT for memory-feedback PR workflow\"\n warn_if_missing: true\n - name: \"SMTP_HOST\"\n description: \"Mail server for client communications\"\n warn_if_missing: true" }, { "title": "5. Backup Freshness", "body": "Checks that backups are current per the schedule defined in Skill 17.\n\nBackup_Checks:\n weekly_full:\n description: \"Full backup should exist from within the last 7 days\"\n location: \"/data/backups/\"\n pattern: \"full_*.tar.enc\"\n max_age_days: 7\n severity: \"HIGH if missing\"\n \n daily_incremental:\n description: \"Incremental backup should exist from within the last 24 hours\"\n location: \"/data/backups/\"\n pattern: \"incremental_*.tar.enc\"\n max_age_hours: 26\n severity: \"MEDIUM if missing (allows 2-hour grace period)\"\n \n verification:\n description: \"Last backup verification should be within 7 days\"\n check: \"Look for verification report in /data/reports/system/\"\n severity: \"MEDIUM if stale\"" }, { "title": "6. Process Lock Health", "body": "Detects stale process locks that may indicate crashed operations.\n\nLock_Checks:\n location: \"/data/system/process-locks/\"\n stale_threshold_minutes: 30\n check_method:\n - \"List all .lock files\"\n - \"Read timestamp from each lock file\"\n - \"Flag locks older than threshold\"\n - \"Check if process ID in lock file is still running\"\n actions:\n stale_found: \"WARN — list stale locks with age and owning process\"\n suggestion: \"Run: openclaw integrity clear-stale-locks --confirm\"\n active_found: \"INFO — list active locks (normal operation)\"" }, { "title": "7. Encryption Status", "body": "Verifies encryption configuration on directories that require it per the canonical data map.\n\nEncryption_Checks:\n mandatory_encrypted:\n - \"/data/auth/\"\n - \"/data/clients/\"\n - \"/data/compliance/\"\n - \"/data/efka/\"\n - \"/data/gdpr-exports/\"\n check_methods:\n luks: \"Check if volume is LUKS-encrypted via lsblk or cryptsetup status\"\n fscrypt: \"Check fscrypt policy on directory\"\n env_key: \"Verify OPENCLAW_ENCRYPTION_KEY environment variable is set\"\n note: \"In development/testing environments, encryption may not be configured. Report as WARN, not FAIL.\"" }, { "title": "8. Data Integrity", "body": "Validates file hashes against the integrity registry maintained by Skill 17.\n\nIntegrity_Checks:\n registry_location: \"/data/system/integrity/\"\n check_method:\n - \"Read hash registry for canonical files\"\n - \"Recompute SHA-256 hashes for each file\"\n - \"Compare against stored hashes\"\n - \"Flag any mismatches\"\n scope:\n quick: \"Check 10% random sample of files\"\n standard: \"Check all files modified in last 7 days\"\n deep: \"Check all files in registry\"\n severity:\n mismatch: \"HIGH — file has been modified outside normal skill operations\"\n missing_from_registry: \"MEDIUM — file exists but has no hash recorded\"\n missing_file: \"HIGH — registry references a file that no longer exists\"" }, { "title": "Console Output", "body": "╔══════════════════════════════════════════════════╗\n║ OpenClaw Greek Accounting — Health Report ║\n╠══════════════════════════════════════════════════╣\n║ Run: 2026-02-19 15:30:00 (Europe/Athens) ║\n║ Mode: standard ║\n╚══════════════════════════════════════════════════╝\n\n SKILLS\n ✅ 20/20 SKILL.md files present\n ✅ 20/20 frontmatter valid\n ✅ 19/19 EVALS.json present\n ✅ All EVALS have 5+ test cases\n\n DIRECTORIES\n ✅ 16/16 top-level directories present\n ✅ No unexpected top-level directories\n ⚠️ 2 subdirectories missing (see details)\n\n PERMISSIONS\n ✅ /data/auth/ — mode 700\n ❌ /data/clients/ — mode 755 (expected 700)\n\n DEPENDENCIES\n ✅ jq installed (v1.7.1)\n ✅ curl installed (v8.5.0)\n ✅ openssl installed (v3.0.13)\n ⚠️ OPENCLAW_ENCRYPTION_KEY not set\n\n BACKUPS\n ✅ Full backup: 2026-02-16 02:00 (3 days ago)\n ✅ Incremental: 2026-02-19 03:00 (12 hours ago)\n ⚠️ Last verification: 2026-02-10 (9 days ago)\n\n LOCKS\n ✅ No stale process locks\n\n ENCRYPTION\n ⚠️ Encryption not detected on /data/clients/\n ⚠️ OPENCLAW_ENCRYPTION_KEY not set\n\n INTEGRITY\n ✅ 847/847 files match stored hashes\n\n═══════════════════════════════════════════════════\n RESULT: 1 FAIL, 4 WARN — review required\n Details: openclaw health-check --all --verbose\n═══════════════════════════════════════════════════" }, { "title": "JSON Report", "body": "Written to /data/reports/system/health-check_{YYYYMMDD}_{HHMMSS}.json:\n\n{\n \"timestamp\": \"2026-02-19T15:30:00Z\",\n \"mode\": \"standard\",\n \"result\": \"WARN\",\n \"summary\": {\n \"pass\": 18,\n \"fail\": 1,\n \"warn\": 4,\n \"skip\": 0\n },\n \"checks\": [\n {\n \"category\": \"skills\",\n \"check\": \"skill_files_present\",\n \"result\": \"PASS\",\n \"details\": \"20/20 SKILL.md files present\"\n },\n {\n \"category\": \"permissions\",\n \"check\": \"clients_directory_mode\",\n \"result\": \"FAIL\",\n \"expected\": \"700\",\n \"actual\": \"755\",\n \"remediation\": \"chmod 700 /data/clients/\"\n }\n ]\n}" }, { "title": "Cron Configuration", "body": "{\n \"cron\": {\n \"health-quick\": {\n \"schedule\": \"0 */4 * * *\",\n \"command\": \"openclaw health-check --quick --save-report\",\n \"description\": \"Quick check every 4 hours\"\n },\n \"health-standard\": {\n \"schedule\": \"0 7 * * *\",\n \"command\": \"openclaw health-check --standard --save-report\",\n \"description\": \"Standard check every morning at 07:00 Athens\"\n },\n \"health-deep\": {\n \"schedule\": \"0 3 * * 0\",\n \"command\": \"openclaw health-check --deep --save-report\",\n \"description\": \"Deep check every Sunday at 03:00 Athens\"\n }\n }\n}" }, { "title": "Dashboard Integration", "body": "# Health check status feeds into the dashboard system health panel\nopenclaw dashboard refresh --state system-health\n# Dashboard shows: last check time, result, and count of issues" }, { "title": "Memory Integration", "body": "# Failed health checks are logged as system failures for pattern detection\n# Written to /data/memory/failures/ with failure_type: health_check_failed" }, { "title": "Meta-Skill Integration", "body": "# Health check runs automatically before major operations\nopenclaw greek monthly-process --pre-flight-check\n# Equivalent to: openclaw health-check --quick && openclaw greek monthly-process" }, { "title": "Exit Codes", "body": "CodeMeaning0All checks passed (may include WARN)1One or more FAIL results2Health check itself failed to run (dependency missing, permission error)" } ], "body": "System Health Check\n\nThis skill validates the entire OpenClaw Greek Accounting system in a single command. It checks skill file integrity, directory structure, file permissions, required dependencies, backup freshness, encryption status, and process lock health. Designed to run daily via cron or manually before critical operations.\n\nSetup\nexport OPENCLAW_DATA_DIR=\"/data\"\nwhich jq openssl || sudo apt install jq openssl\n\n\nRead-only validation skill. Checks file presence, directory structure, permissions, and backup freshness. Never modifies any data.\n\nCore Philosophy\nFast & Non-Destructive: Read-only checks — never modifies any data\nComprehensive: Covers every layer from skill files to encryption status\nActionable Output: Every failure includes a specific remediation command\nCron-Friendly: Exit code 0 for all-pass, exit code 1 for any failure\nEnglish Output: Plain English report suitable for accounting assistants and system admins\nOpenClaw Commands\nFull Health Check\n# Run all checks\nopenclaw health-check --all\n\n# Run all checks with verbose output\nopenclaw health-check --all --verbose\n\n# Run all checks and write report to /data/reports/system/\nopenclaw health-check --all --save-report\n\nIndividual Check Categories\n# Check skill files only\nopenclaw health-check --skills\n\n# Check directory structure against canonical data map\nopenclaw health-check --directories\n\n# Check file permissions on sensitive directories\nopenclaw health-check --permissions\n\n# Check required binaries and dependencies\nopenclaw health-check --dependencies\n\n# Check backup freshness and integrity\nopenclaw health-check --backups\n\n# Check for stale process locks\nopenclaw health-check --locks\n\n# Check encryption status on sensitive directories\nopenclaw health-check --encryption\n\n# Check data integrity hashes\nopenclaw health-check --integrity\n\nScheduled Checks\n# Quick check — skills + directories + locks (for hourly cron)\nopenclaw health-check --quick\n\n# Standard check — everything except full integrity hash verification (for daily cron)\nopenclaw health-check --standard\n\n# Deep check — all checks including full hash verification (for weekly cron)\nopenclaw health-check --deep\n\nCheck Specifications\n1. Skill File Validation\n\nVerifies all 19 operational skills and the canonical data map are present and well-formed.\n\nSkill_File_Checks:\n presence:\n description: \"Every skill folder contains a SKILL.md file\"\n expected_count: 20\n check: \"ls skills/*/SKILL.md\"\n \n frontmatter:\n description: \"Every SKILL.md has valid YAML frontmatter with required fields\"\n required_fields: [\"name\", \"description\", \"version\", \"author\", \"tags\", \"metadata\"]\n check: \"Parse frontmatter block between --- delimiters\"\n \n evals:\n description: \"Every operational skill has an EVALS.json file\"\n expected_count: 19\n excluded: [\"canonical-data-map\"]\n check: \"ls skills/*/EVALS.json, validate JSON syntax\"\n \n evals_content:\n description: \"Each EVALS.json contains at least 5 test cases\"\n minimum_cases: 5\n check: \"Parse JSON, count array length\"\n\n skill_inventory:\n - \"canonical-data-map\"\n - \"accounting-workflows\"\n - \"greek-compliance-aade\"\n - \"cli-deadline-monitor\"\n - \"greek-email-processor\"\n - \"greek-individual-taxes\"\n - \"openclaw-greek-accounting-meta\"\n - \"aade-api-monitor\"\n - \"greek-banking-integration\"\n - \"greek-document-ocr\"\n - \"efka-api-integration\"\n - \"dashboard-greek-accounting\"\n - \"client-data-management\"\n - \"user-authentication-system\"\n - \"conversational-ai-assistant\"\n - \"greek-financial-statements\"\n - \"client-communication-engine\"\n - \"system-integrity-and-backup\"\n - \"analytics-and-advisory-intelligence\"\n - \"memory-feedback\"\n\n2. Directory Structure Validation\n\nChecks all canonical directories exist under /data/ as specified in the canonical data map (Skill 00).\n\nDirectory_Checks:\n top_level:\n required:\n - \"/data/incoming/\"\n - \"/data/processing/\"\n - \"/data/clients/\"\n - \"/data/compliance/\"\n - \"/data/banking/\"\n - \"/data/ocr/\"\n - \"/data/efka/\"\n - \"/data/reports/\"\n - \"/data/exports/\"\n - \"/data/imports/\"\n - \"/data/dashboard/\"\n - \"/data/auth/\"\n - \"/data/backups/\"\n - \"/data/gdpr-exports/\"\n - \"/data/memory/\"\n - \"/data/system/\"\n\n subdirectories:\n incoming:\n - \"/data/incoming/invoices/\"\n - \"/data/incoming/receipts/\"\n - \"/data/incoming/statements/\"\n - \"/data/incoming/government/\"\n - \"/data/incoming/payroll/\"\n - \"/data/incoming/tax-documents/\"\n - \"/data/incoming/contracts/\"\n - \"/data/incoming/other/\"\n processing:\n - \"/data/processing/ocr/\"\n - \"/data/processing/classification/\"\n - \"/data/processing/reconciliation/\"\n - \"/data/processing/compliance/\"\n system:\n - \"/data/system/logs/\"\n - \"/data/system/logs/audit/\"\n - \"/data/system/process-locks/\"\n - \"/data/system/integrity/\"\n\n unexpected_directories:\n description: \"Flag any top-level directory under /data/ not in the canonical map\"\n action: \"WARN — may indicate a skill creating non-canonical paths\"\n\n3. File Permission Checks\n\nValidates OS-level file permissions on sensitive directories.\n\nPermission_Checks:\n restricted_directories:\n - path: \"/data/auth/\"\n expected_mode: \"700\"\n description: \"Auth directory must be restricted to service user\"\n - path: \"/data/auth/users/*/credentials.json\"\n expected_mode: \"600\"\n description: \"Credential files must not be world-readable\"\n \n sensitive_directories:\n - path: \"/data/clients/\"\n expected_mode: \"700\"\n description: \"Client data directory should be restricted\"\n - path: \"/data/backups/\"\n expected_mode: \"700\"\n description: \"Backup directory should be restricted\"\n \n note: \"Permission checks may report SKIP on systems where the OpenClaw agent runs as root or in a container without OS-level permission enforcement.\"\n\n4. Dependency Checks\n\nVerifies required binaries and environment variables are available.\n\nDependency_Checks:\n required_binaries:\n - name: \"jq\"\n check: \"which jq\"\n used_by: \"All skills — JSON processing\"\n - name: \"curl\"\n check: \"which curl\"\n used_by: \"AADE monitor, email processor, EFKA, memory-feedback\"\n - name: \"openssl\"\n check: \"which openssl\"\n used_by: \"System integrity, backup encryption\"\n\n required_env_vars:\n - name: \"OPENCLAW_DATA_DIR\"\n description: \"Root data directory path\"\n default: \"/data/\"\n \n optional_env_vars:\n - name: \"OPENCLAW_ENCRYPTION_KEY\"\n description: \"Master encryption key for data-at-rest\"\n warn_if_missing: true\n - name: \"GITHUB_TOKEN\"\n description: \"GitHub PAT for memory-feedback PR workflow\"\n warn_if_missing: true\n - name: \"SMTP_HOST\"\n description: \"Mail server for client communications\"\n warn_if_missing: true\n\n5. Backup Freshness\n\nChecks that backups are current per the schedule defined in Skill 17.\n\nBackup_Checks:\n weekly_full:\n description: \"Full backup should exist from within the last 7 days\"\n location: \"/data/backups/\"\n pattern: \"full_*.tar.enc\"\n max_age_days: 7\n severity: \"HIGH if missing\"\n \n daily_incremental:\n description: \"Incremental backup should exist from within the last 24 hours\"\n location: \"/data/backups/\"\n pattern: \"incremental_*.tar.enc\"\n max_age_hours: 26\n severity: \"MEDIUM if missing (allows 2-hour grace period)\"\n \n verification:\n description: \"Last backup verification should be within 7 days\"\n check: \"Look for verification report in /data/reports/system/\"\n severity: \"MEDIUM if stale\"\n\n6. Process Lock Health\n\nDetects stale process locks that may indicate crashed operations.\n\nLock_Checks:\n location: \"/data/system/process-locks/\"\n stale_threshold_minutes: 30\n check_method:\n - \"List all .lock files\"\n - \"Read timestamp from each lock file\"\n - \"Flag locks older than threshold\"\n - \"Check if process ID in lock file is still running\"\n actions:\n stale_found: \"WARN — list stale locks with age and owning process\"\n suggestion: \"Run: openclaw integrity clear-stale-locks --confirm\"\n active_found: \"INFO — list active locks (normal operation)\"\n\n7. Encryption Status\n\nVerifies encryption configuration on directories that require it per the canonical data map.\n\nEncryption_Checks:\n mandatory_encrypted:\n - \"/data/auth/\"\n - \"/data/clients/\"\n - \"/data/compliance/\"\n - \"/data/efka/\"\n - \"/data/gdpr-exports/\"\n check_methods:\n luks: \"Check if volume is LUKS-encrypted via lsblk or cryptsetup status\"\n fscrypt: \"Check fscrypt policy on directory\"\n env_key: \"Verify OPENCLAW_ENCRYPTION_KEY environment variable is set\"\n note: \"In development/testing environments, encryption may not be configured. Report as WARN, not FAIL.\"\n\n8. Data Integrity\n\nValidates file hashes against the integrity registry maintained by Skill 17.\n\nIntegrity_Checks:\n registry_location: \"/data/system/integrity/\"\n check_method:\n - \"Read hash registry for canonical files\"\n - \"Recompute SHA-256 hashes for each file\"\n - \"Compare against stored hashes\"\n - \"Flag any mismatches\"\n scope:\n quick: \"Check 10% random sample of files\"\n standard: \"Check all files modified in last 7 days\"\n deep: \"Check all files in registry\"\n severity:\n mismatch: \"HIGH — file has been modified outside normal skill operations\"\n missing_from_registry: \"MEDIUM — file exists but has no hash recorded\"\n missing_file: \"HIGH — registry references a file that no longer exists\"\n\nOutput Format\nConsole Output\n╔══════════════════════════════════════════════════╗\n║ OpenClaw Greek Accounting — Health Report ║\n╠══════════════════════════════════════════════════╣\n║ Run: 2026-02-19 15:30:00 (Europe/Athens) ║\n║ Mode: standard ║\n╚══════════════════════════════════════════════════╝\n\n SKILLS\n ✅ 20/20 SKILL.md files present\n ✅ 20/20 frontmatter valid\n ✅ 19/19 EVALS.json present\n ✅ All EVALS have 5+ test cases\n\n DIRECTORIES\n ✅ 16/16 top-level directories present\n ✅ No unexpected top-level directories\n ⚠️ 2 subdirectories missing (see details)\n\n PERMISSIONS\n ✅ /data/auth/ — mode 700\n ❌ /data/clients/ — mode 755 (expected 700)\n\n DEPENDENCIES\n ✅ jq installed (v1.7.1)\n ✅ curl installed (v8.5.0)\n ✅ openssl installed (v3.0.13)\n ⚠️ OPENCLAW_ENCRYPTION_KEY not set\n\n BACKUPS\n ✅ Full backup: 2026-02-16 02:00 (3 days ago)\n ✅ Incremental: 2026-02-19 03:00 (12 hours ago)\n ⚠️ Last verification: 2026-02-10 (9 days ago)\n\n LOCKS\n ✅ No stale process locks\n\n ENCRYPTION\n ⚠️ Encryption not detected on /data/clients/\n ⚠️ OPENCLAW_ENCRYPTION_KEY not set\n\n INTEGRITY\n ✅ 847/847 files match stored hashes\n\n═══════════════════════════════════════════════════\n RESULT: 1 FAIL, 4 WARN — review required\n Details: openclaw health-check --all --verbose\n═══════════════════════════════════════════════════\n\nJSON Report\n\nWritten to /data/reports/system/health-check_{YYYYMMDD}_{HHMMSS}.json:\n\n{\n \"timestamp\": \"2026-02-19T15:30:00Z\",\n \"mode\": \"standard\",\n \"result\": \"WARN\",\n \"summary\": {\n \"pass\": 18,\n \"fail\": 1,\n \"warn\": 4,\n \"skip\": 0\n },\n \"checks\": [\n {\n \"category\": \"skills\",\n \"check\": \"skill_files_present\",\n \"result\": \"PASS\",\n \"details\": \"20/20 SKILL.md files present\"\n },\n {\n \"category\": \"permissions\",\n \"check\": \"clients_directory_mode\",\n \"result\": \"FAIL\",\n \"expected\": \"700\",\n \"actual\": \"755\",\n \"remediation\": \"chmod 700 /data/clients/\"\n }\n ]\n}\n\nCron Configuration\n{\n \"cron\": {\n \"health-quick\": {\n \"schedule\": \"0 */4 * * *\",\n \"command\": \"openclaw health-check --quick --save-report\",\n \"description\": \"Quick check every 4 hours\"\n },\n \"health-standard\": {\n \"schedule\": \"0 7 * * *\",\n \"command\": \"openclaw health-check --standard --save-report\",\n \"description\": \"Standard check every morning at 07:00 Athens\"\n },\n \"health-deep\": {\n \"schedule\": \"0 3 * * 0\",\n \"command\": \"openclaw health-check --deep --save-report\",\n \"description\": \"Deep check every Sunday at 03:00 Athens\"\n }\n }\n}\n\nIntegration with Other Skills\nDashboard Integration\n# Health check status feeds into the dashboard system health panel\nopenclaw dashboard refresh --state system-health\n# Dashboard shows: last check time, result, and count of issues\n\nMemory Integration\n# Failed health checks are logged as system failures for pattern detection\n# Written to /data/memory/failures/ with failure_type: health_check_failed\n\nMeta-Skill Integration\n# Health check runs automatically before major operations\nopenclaw greek monthly-process --pre-flight-check\n# Equivalent to: openclaw health-check --quick && openclaw greek monthly-process\n\nExit Codes\nCode\tMeaning\n0\tAll checks passed (may include WARN)\n1\tOne or more FAIL results\n2\tHealth check itself failed to run (dependency missing, permission error)" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/satoshistackalotto/system-health-check", "publisherUrl": "https://clawhub.ai/satoshistackalotto/system-health-check", "owner": "satoshistackalotto", "version": "0.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/system-health-check", "downloadUrl": "https://openagent3.xyz/downloads/system-health-check", "agentUrl": "https://openagent3.xyz/skills/system-health-check/agent", "manifestUrl": "https://openagent3.xyz/skills/system-health-check/agent.json", "briefUrl": "https://openagent3.xyz/skills/system-health-check/agent.md" } }