From fc40ba8e7eb1345afdb1c8d274219cd702b73354 Mon Sep 17 00:00:00 2001 From: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> Date: Tue, 3 Feb 2026 09:21:34 -0600 Subject: [PATCH] Skills: refine healthcheck guidance --- skills/healthcheck/SKILL.md | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/skills/healthcheck/SKILL.md b/skills/healthcheck/SKILL.md index 732a2a48e7..4471f045e9 100644 --- a/skills/healthcheck/SKILL.md +++ b/skills/healthcheck/SKILL.md @@ -55,10 +55,11 @@ If you must ask, use non-technical prompts: - “Is disk encryption turned on (FileVault/BitLocker/LUKS)?” - “Are automatic security updates enabled?” - “How do you use this machine?” - 1. Personal machine shared with the assistant - 2. Dedicated local machine for the assistant - 3. Dedicated remote machine/server accessed remotely (always on) - 4. Something else? + Examples: + - Personal machine shared with the assistant + - Dedicated local machine for the assistant + - Dedicated remote machine/server accessed remotely (always on) + - Something else? Only ask for the risk profile after system context is known. @@ -187,6 +188,14 @@ If the user says yes, ask for: - cadence (daily/weekly), preferred time window, and output location - whether to also schedule `openclaw update status` +Use a stable cron job name so updates are deterministic. Prefer exact names: + +- `healthcheck:security-audit` +- `healthcheck:update-status` + +Before creating, `openclaw cron list` and match on exact `name`. If found, `openclaw cron edit ...`. +If not found, `openclaw cron add --name ...`. + Also offer a periodic version check so the user can decide when to update (numbered): 1. `openclaw update status` (preferred for source checkouts and channels) @@ -215,15 +224,20 @@ Record: Redact secrets. Never log tokens or full credential contents. -## Memory writes (required) +## Memory writes (conditional) + +Only write to memory files when the user explicitly opts in and the session is a private/local workspace +(per `docs/reference/templates/AGENTS.md`). Otherwise provide a redacted, paste-ready summary the user can +decide to save elsewhere. Follow the durable-memory prompt format used by OpenClaw compaction: - Write lasting notes to `memory/YYYY-MM-DD.md`. -After each audit/hardening run, append a short, dated summary to `memory/YYYY-MM-DD.md` +After each audit/hardening run, if opted-in, append a short, dated summary to `memory/YYYY-MM-DD.md` (what was checked, key findings, actions taken, any scheduled cron jobs, key decisions, and all commands executed). Append-only: never overwrite existing entries. +Redact sensitive host details (usernames, hostnames, IPs, serials, service names, tokens). If there are durable preferences or decisions (risk posture, allowed ports, update policy), also update `MEMORY.md` (long-term memory is optional and only used in private sessions).