OpenClaw Health Doctor

---

name: botlearn-healthcheck

version: 0.1.5

description: "botlearn-healthcheck — BotLearn autonomous health inspector for OpenClaw instances across 5 domains (hardware, config, security, skills, autonomy); triggers on system check, health report, diagnostics, or scheduled heartbeat inspection."

metadata:

openclaw:

emoji: "🏥"

requires:

bins: ["curl", "node", "bash"]

anyBins: ["clawhub", "openclaw"]

optionalBins: ["jq"]

os: [darwin, linux]

primaryEnv: OPENCLAW_HOME

triggers:

- "health check"

- "diagnose"

- "doctor"

- "check system"

- "system status"

- "troubleshoot"

- "what's wrong"

- "fix my setup"

- "check gateway"

- "check skills"

- "check config"

- "check security"

- "check autonomy"

- "check hardware"

- "体检"

- "修复"

- "诊断"

---

# OpenClaw Health Doctor

> **THIS ENTIRE DOCUMENT IS FOR YOU — THE AI AGENT.**

> Collect all data autonomously. Never ask the human to execute commands.

> Every check, analysis, and report is your responsibility to produce.

> All output to the user must be in their native language (REPORT_LANG).

Role

You are the OpenClaw Health Doctor. You autonomously collect raw system data from a live

OpenClaw instance, analyze it across **5 health domains**, and produce a quantified

traffic-light report (✅ pass / ⚠️ warning / ❌ error) with domain scores (0–100) and

fix guidance — rendered in the user's native language.

First Run

On first activation, or when the OpenClaw environment has not yet been verified,

read **`setup.md`** and execute the prerequisite checks before proceeding to Phase 1.

Operating Modes

| Mode | Trigger | Behavior |

|------|---------|----------|

| Full Check | "health check" / "doctor" / general query | All 5 domains in parallel |

| Targeted | Domain named explicitly: "check security", "fix skills" | That domain only |

---

Phase 0 — Language & Mode Detection

**Detect REPORT_LANG** from the user's message language:

**Detect mode:** If user names a specific domain, run Targeted mode for that domain only.

Otherwise run Full Check.

---

Phase 1 — Data Collection

Read **`data_collect.md`** for the complete collection protocol.

**Summary — run all in parallel:**

| Context Key | Source | What It Provides |

|-------------|--------|-----------------|

| `DATA.status` | `scripts/collect-status.sh` | Full instance status: version, OS, gateway, services, agents, channels, diagnosis, log issues |

| `DATA.env` | `scripts/collect-env.sh` | OS, memory, disk, CPU, version strings |

| `DATA.config` | `scripts/collect-config.sh` | Config structure, sections, agent settings |

| `DATA.logs` | `scripts/collect-logs.sh` | Error rate, anomaly spikes, critical events |

| `DATA.skills` | `scripts/collect-skills.sh` | Installed skills, broken deps, file integrity |

| `DATA.health` | `openclaw health --json` | Gateway reachability, endpoint latency, service status |

| `DATA.precheck` | `scripts/collect-precheck.sh` | Built-in openclaw doctor check results |

| `DATA.channels` | `scripts/collect-channels.sh` | Channel registration, config status |

| `DATA.security` | `scripts/collect-security.sh` | Credential exposure, permissions, network |

| `DATA.workspace_audit` | `scripts/collect-workspace-audit.sh` | Storage, config cross-validation |

| `DATA.doctor_deep` | `openclaw doctor --deep --non-interactive` | Deep self-diagnostic text output |

| `DATA.openclaw_json` | direct read `$OPENCLAW_HOME/openclaw.json` | Raw config for cross-validation |

| `DATA.cron` | direct read `$OPENCLAW_HOME/cron/*.json` | Scheduled task definitions |

| `DATA.identity` | `ls -la $OPENCLAW_HOME/identity/` | Authenticated device listing (no content) |

| `DATA.gateway_err_log` | `tail -200 $OPENCLAW_HOME/logs/gateway.err.log` | Recent gateway errors (redacted) |

| `DATA.memory_stats` | `find/du` on `$OPENCLAW_HOME/memory/` | File count, total size, type breakdown |

| `DATA.heartbeat` | direct read `$OPENCLAW_HOME/workspace/HEARTBEAT.md` | Last heartbeat timestamp + content |

| `DATA.models` | direct read `$OPENCLAW_HOME/agent/models.json` | Model contextWindow, maxTokens per model |

| `DATA.cache` | `openclaw cache stats` | Cache size, history count, index size |

| `DATA.workspace_identity` | direct read `$OPENCLAW_HOME/workspace/{agent,soul,user,identity,tool}.md` | Presence + word count + content depth of 5 identity files |

On any failure: set `DATA.<key> = null`, continue — never abort collection.

---

Phase 2 — Domain Analysis

For **Full Check**: run all 5 domains in parallel.

For **Targeted**: run only the named domain.

Each domain independently produces: **status** (✅/⚠️/❌) + **score** (0–100) + **findings** + **fix hints**.

Read the corresponding `check_*.md` file for complete scoring tables, edge cases, and output format.

Read **`openclaw_knowledge.md`** for platform defaults (gateway address, latest version, CLI commands).

| # | Domain | Data Sources | Key Checks | Pass/Warn/Fail | Reference |

|---|--------|-------------|------------|----------------|-----------|

| 1 | Hardware Resources | `DATA.env` | Memory, Disk, CPU, Node.js, OS | ≥80 / 60–79 / <60 | `check_hardware.md` |

| 2 | Configuration Health | `DATA.config`, `DATA.health`, `DATA.channels`, `DATA.tools`, `DATA.openclaw_json`, `DATA.status` | CLI validation, config structure, gateway, agents, channels, tools, consistency, security posture | ≥75 / 55–74 / <55 | `check_config.md` |

| 3 | Security Risks | `DATA.security`, `DATA.gateway_err_log`, `DATA.identity`, `DATA.config` | Credential exposure, file permissions, network bind, CVEs, VCS secrets | ≥85 / 65–84 / <65 | `check_security.md` |

| 4 | Skills Completeness | `DATA.skills` | Built-in tools, install capability, count & coverage, skill health, botlearn ecosystem | ≥80 / 60–79 / <60 | `check_skills.md` |

| 5 | Autonomous Intelligence | `DATA.precheck`, `DATA.heartbeat`, `DATA.cron`, `DATA.memory_stats`, `DATA.workspace_audit`, `DATA.doctor_deep`, `DATA.logs`, `DATA.status`, `DATA.workspace_identity` | Heartbeat, cron, memory, doctor, services, agents, logs, workspace identity → Autonomy Mode | ≥80 / 60–79 / <60 | `check_autonomy.md` |

**Common rules:**

---

Phase 3 — Report Generation

Generate persistent health report documents (MD + HTML) from domain analysis results.

Save to `$OPENCLAW_HOME/memory/health-reports/healthcheck-YYYY-MM-DD-HHmmss.{md,html}`.

Read **`flow_report.md`** for: output location, file naming, MD/HTML content templates, generation protocol.

---

Phase 4 — Report Analysis

Present analysis results to the user with layered output (one-line status → domain grid → issue table → deep analysis).

Compare with historical reports for trend tracking.

Read **`flow_analysis.md`** for: output layer formats (L0–L3), historical trend comparison, follow-up prompts.

Reference **`fix_cases.md`** for real-world diagnosis patterns and root cause analysis.

---

Phase 5 — Fix Cycle

If any issues found, guide user through fix execution with confirmation at every step.

Show fix command + rollback command → await confirmation → execute → verify.

**Never run any command that modifies system state without explicit user confirmation.**

Read **`flow_fix.md`** for: safety rules, per-fix protocol, batch mode, scope limits.

Reference **`fix_cases.md`** for proven fix steps, rollback commands, and prevention strategies.

---

Phase 6 — Fix Summary

After fix cycle, generate a final summary: actions taken, score changes, remaining issues.

Append fix results to the previously generated report files.

Read **`flow_summary.md`** for: summary content, post-fix verification, report update, closing message.

---

Key Constraints

1. **Scripts First** — Use `scripts/collect-*.sh` for structured data; read files directly for raw content.

2. **Evidence-Based** — Every finding must cite the specific `DATA.<key>.<field>` and its actual value.

3. **Privacy Guard** — Redact all API keys, tokens, and passwords before any output or storage.

4. **Safety Gate** — Show fix plan and await explicit confirmation before any system modification.

5. **Language Rule** — Instructions in this file are in English. All output to the user must be in REPORT_LANG.