system-health-checkSystem health validator ā checks skill files, paths, permissions, binaries, backup freshness, and encryption. Produces pass/fail reports.
Install via ClawdBot CLI:
clawdbot install satoshistackalotto/system-health-checkThis skill validates the entire OpenClaw Greek Accounting system in a single command. It checks skill file integrity, directory structure, file permissions, required dependencies, backup freshness, encryption status, and process lock health. Designed to run daily via cron or manually before critical operations.
export OPENCLAW_DATA_DIR="/data"
which jq openssl || sudo apt install jq opensslRead-only validation skill. Checks file presence, directory structure, permissions, and backup freshness. Never modifies any data.
# Run all checks
openclaw health-check --all
# Run all checks with verbose output
openclaw health-check --all --verbose
# Run all checks and write report to /data/reports/system/
openclaw health-check --all --save-report# Check skill files only
openclaw health-check --skills
# Check directory structure against canonical data map
openclaw health-check --directories
# Check file permissions on sensitive directories
openclaw health-check --permissions
# Check required binaries and dependencies
openclaw health-check --dependencies
# Check backup freshness and integrity
openclaw health-check --backups
# Check for stale process locks
openclaw health-check --locks
# Check encryption status on sensitive directories
openclaw health-check --encryption
# Check data integrity hashes
openclaw health-check --integrity# Quick check ā skills + directories + locks (for hourly cron)
openclaw health-check --quick
# Standard check ā everything except full integrity hash verification (for daily cron)
openclaw health-check --standard
# Deep check ā all checks including full hash verification (for weekly cron)
openclaw health-check --deepVerifies all 19 operational skills and the canonical data map are present and well-formed.
Skill_File_Checks:
presence:
description: "Every skill folder contains a SKILL.md file"
expected_count: 20
check: "ls skills/*/SKILL.md"
frontmatter:
description: "Every SKILL.md has valid YAML frontmatter with required fields"
required_fields: ["name", "description", "version", "author", "tags", "metadata"]
check: "Parse frontmatter block between --- delimiters"
evals:
description: "Every operational skill has an EVALS.json file"
expected_count: 19
excluded: ["canonical-data-map"]
check: "ls skills/*/EVALS.json, validate JSON syntax"
evals_content:
description: "Each EVALS.json contains at least 5 test cases"
minimum_cases: 5
check: "Parse JSON, count array length"
skill_inventory:
- "canonical-data-map"
- "accounting-workflows"
- "greek-compliance-aade"
- "cli-deadline-monitor"
- "greek-email-processor"
- "greek-individual-taxes"
- "openclaw-greek-accounting-meta"
- "aade-api-monitor"
- "greek-banking-integration"
- "greek-document-ocr"
- "efka-api-integration"
- "dashboard-greek-accounting"
- "client-data-management"
- "user-authentication-system"
- "conversational-ai-assistant"
- "greek-financial-statements"
- "client-communication-engine"
- "system-integrity-and-backup"
- "analytics-and-advisory-intelligence"
- "memory-feedback"Checks all canonical directories exist under /data/ as specified in the canonical data map (Skill 00).
Directory_Checks:
top_level:
required:
- "/data/incoming/"
- "/data/processing/"
- "/data/clients/"
- "/data/compliance/"
- "/data/banking/"
- "/data/ocr/"
- "/data/efka/"
- "/data/reports/"
- "/data/exports/"
- "/data/imports/"
- "/data/dashboard/"
- "/data/auth/"
- "/data/backups/"
- "/data/gdpr-exports/"
- "/data/memory/"
- "/data/system/"
subdirectories:
incoming:
- "/data/incoming/invoices/"
- "/data/incoming/receipts/"
- "/data/incoming/statements/"
- "/data/incoming/government/"
- "/data/incoming/payroll/"
- "/data/incoming/tax-documents/"
- "/data/incoming/contracts/"
- "/data/incoming/other/"
processing:
- "/data/processing/ocr/"
- "/data/processing/classification/"
- "/data/processing/reconciliation/"
- "/data/processing/compliance/"
system:
- "/data/system/logs/"
- "/data/system/logs/audit/"
- "/data/system/process-locks/"
- "/data/system/integrity/"
unexpected_directories:
description: "Flag any top-level directory under /data/ not in the canonical map"
action: "WARN ā may indicate a skill creating non-canonical paths"Validates OS-level file permissions on sensitive directories.
Permission_Checks:
restricted_directories:
- path: "/data/auth/"
expected_mode: "700"
description: "Auth directory must be restricted to service user"
- path: "/data/auth/users/*/credentials.json"
expected_mode: "600"
description: "Credential files must not be world-readable"
sensitive_directories:
- path: "/data/clients/"
expected_mode: "700"
description: "Client data directory should be restricted"
- path: "/data/backups/"
expected_mode: "700"
description: "Backup directory should be restricted"
note: "Permission checks may report SKIP on systems where the OpenClaw agent runs as root or in a container without OS-level permission enforcement."Verifies required binaries and environment variables are available.
Dependency_Checks:
required_binaries:
- name: "jq"
check: "which jq"
used_by: "All skills ā JSON processing"
- name: "curl"
check: "which curl"
used_by: "AADE monitor, email processor, EFKA, memory-feedback"
- name: "openssl"
check: "which openssl"
used_by: "System integrity, backup encryption"
required_env_vars:
- name: "OPENCLAW_DATA_DIR"
description: "Root data directory path"
default: "/data/"
optional_env_vars:
- name: "OPENCLAW_ENCRYPTION_KEY"
description: "Master encryption key for data-at-rest"
warn_if_missing: true
- name: "GITHUB_TOKEN"
description: "GitHub PAT for memory-feedback PR workflow"
warn_if_missing: true
- name: "SMTP_HOST"
description: "Mail server for client communications"
warn_if_missing: trueChecks that backups are current per the schedule defined in Skill 17.
Backup_Checks:
weekly_full:
description: "Full backup should exist from within the last 7 days"
location: "/data/backups/"
pattern: "full_*.tar.enc"
max_age_days: 7
severity: "HIGH if missing"
daily_incremental:
description: "Incremental backup should exist from within the last 24 hours"
location: "/data/backups/"
pattern: "incremental_*.tar.enc"
max_age_hours: 26
severity: "MEDIUM if missing (allows 2-hour grace period)"
verification:
description: "Last backup verification should be within 7 days"
check: "Look for verification report in /data/reports/system/"
severity: "MEDIUM if stale"Detects stale process locks that may indicate crashed operations.
Lock_Checks:
location: "/data/system/process-locks/"
stale_threshold_minutes: 30
check_method:
- "List all .lock files"
- "Read timestamp from each lock file"
- "Flag locks older than threshold"
- "Check if process ID in lock file is still running"
actions:
stale_found: "WARN ā list stale locks with age and owning process"
suggestion: "Run: openclaw integrity clear-stale-locks --confirm"
active_found: "INFO ā list active locks (normal operation)"Verifies encryption configuration on directories that require it per the canonical data map.
Encryption_Checks:
mandatory_encrypted:
- "/data/auth/"
- "/data/clients/"
- "/data/compliance/"
- "/data/efka/"
- "/data/gdpr-exports/"
check_methods:
luks: "Check if volume is LUKS-encrypted via lsblk or cryptsetup status"
fscrypt: "Check fscrypt policy on directory"
env_key: "Verify OPENCLAW_ENCRYPTION_KEY environment variable is set"
note: "In development/testing environments, encryption may not be configured. Report as WARN, not FAIL."Validates file hashes against the integrity registry maintained by Skill 17.
Integrity_Checks:
registry_location: "/data/system/integrity/"
check_method:
- "Read hash registry for canonical files"
- "Recompute SHA-256 hashes for each file"
- "Compare against stored hashes"
- "Flag any mismatches"
scope:
quick: "Check 10% random sample of files"
standard: "Check all files modified in last 7 days"
deep: "Check all files in registry"
severity:
mismatch: "HIGH ā file has been modified outside normal skill operations"
missing_from_registry: "MEDIUM ā file exists but has no hash recorded"
missing_file: "HIGH ā registry references a file that no longer exists"āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā OpenClaw Greek Accounting ā Health Report ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā£
ā Run: 2026-02-19 15:30:00 (Europe/Athens) ā
ā Mode: standard ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
SKILLS
ā
20/20 SKILL.md files present
ā
20/20 frontmatter valid
ā
19/19 EVALS.json present
ā
All EVALS have 5+ test cases
DIRECTORIES
ā
16/16 top-level directories present
ā
No unexpected top-level directories
ā ļø 2 subdirectories missing (see details)
PERMISSIONS
ā
/data/auth/ ā mode 700
ā /data/clients/ ā mode 755 (expected 700)
DEPENDENCIES
ā
jq installed (v1.7.1)
ā
curl installed (v8.5.0)
ā
openssl installed (v3.0.13)
ā ļø OPENCLAW_ENCRYPTION_KEY not set
BACKUPS
ā
Full backup: 2026-02-16 02:00 (3 days ago)
ā
Incremental: 2026-02-19 03:00 (12 hours ago)
ā ļø Last verification: 2026-02-10 (9 days ago)
LOCKS
ā
No stale process locks
ENCRYPTION
ā ļø Encryption not detected on /data/clients/
ā ļø OPENCLAW_ENCRYPTION_KEY not set
INTEGRITY
ā
847/847 files match stored hashes
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
RESULT: 1 FAIL, 4 WARN ā review required
Details: openclaw health-check --all --verbose
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāWritten to /data/reports/system/health-check_{YYYYMMDD}_{HHMMSS}.json:
{
"timestamp": "2026-02-19T15:30:00Z",
"mode": "standard",
"result": "WARN",
"summary": {
"pass": 18,
"fail": 1,
"warn": 4,
"skip": 0
},
"checks": [
{
"category": "skills",
"check": "skill_files_present",
"result": "PASS",
"details": "20/20 SKILL.md files present"
},
{
"category": "permissions",
"check": "clients_directory_mode",
"result": "FAIL",
"expected": "700",
"actual": "755",
"remediation": "chmod 700 /data/clients/"
}
]
}{
"cron": {
"health-quick": {
"schedule": "0 */4 * * *",
"command": "openclaw health-check --quick --save-report",
"description": "Quick check every 4 hours"
},
"health-standard": {
"schedule": "0 7 * * *",
"command": "openclaw health-check --standard --save-report",
"description": "Standard check every morning at 07:00 Athens"
},
"health-deep": {
"schedule": "0 3 * * 0",
"command": "openclaw health-check --deep --save-report",
"description": "Deep check every Sunday at 03:00 Athens"
}
}
}# Health check status feeds into the dashboard system health panel
openclaw dashboard refresh --state system-health
# Dashboard shows: last check time, result, and count of issues# Failed health checks are logged as system failures for pattern detection
# Written to /data/memory/failures/ with failure_type: health_check_failed# Health check runs automatically before major operations
openclaw greek monthly-process --pre-flight-check
# Equivalent to: openclaw health-check --quick && openclaw greek monthly-process| Code | Meaning |
|------|---------|
| 0 | All checks passed (may include WARN) |
| 1 | One or more FAIL results |
| 2 | Health check itself failed to run (dependency missing, permission error) |
Generated Mar 1, 2026
A Greek accounting firm uses this skill to perform daily health checks on their OpenClaw system before processing client documents. It ensures all 19 operational skills are intact, directories are correctly structured, and backups are fresh, preventing data loss or compliance issues during tax season.
A compliance officer runs weekly deep checks to validate encryption status and file permissions on sensitive directories like /data/compliance/ and /data/gdpr-exports/. This helps meet Greek AADE regulations by ensuring data integrity and access controls are maintained.
An IT service provider schedules hourly quick checks via cron to monitor skill files and process locks for multiple client installations. This proactive approach detects issues like stale locks or missing dependencies early, reducing downtime and support calls.
A system administrator uses the skill to verify backup freshness and integrity in /data/backups/ before performing system updates or migrations. It ensures recovery points are valid and encryption is intact, safeguarding against data corruption.
New team members run individual check categories like --directories and --permissions to learn the OpenClaw system structure. This hands-on validation helps them understand file layouts and security settings without risking data modification.
Offer this skill as part of a premium OpenClaw subscription for accounting firms, providing automated health reports and alerts. Revenue comes from monthly fees based on the number of users or system checks performed.
Provide consulting services to set up and customize the health-check skill for clients, including cron scheduling and integration with monitoring tools. Revenue is generated through hourly rates or fixed project fees.
License the skill to large enterprises or government agencies in Greece for internal use, with added features like custom check modules and SLA guarantees. Revenue comes from annual licensing fees and maintenance contracts.
š¬ Integration Tip
Set up cron jobs with --quick for hourly checks and --standard for daily checks to automate monitoring without manual intervention.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.