ground-control

The skill's name/description match what it does: 5-phase verification and optional auto-repair of config and cron. The capabilities it needs (read/patch config, list/update cron, spawn sessions, send messages) are coherent and necessary for those features.

All runtime instructions are contained to OpenClaw primitives (gateway, cron, sessions_spawn, message). The skill explicitly instructs the agent to redact sensitive nodes (auth/plugins/credentials) and to never log literal secrets. It reads runtime config and writes a non-sensitive report to memory/ and an ops channel (expected). This is scoped appropriately, but it relies on correct runtime enforcement of the redaction rules — a buggy agent implementation could still leak secrets.

Instruction-only skill with no install spec and no downloaded code. Lowest-risk install mechanism.

The skill declares no environment variables or external credentials. It uses the platform's existing runtime capabilities to probe provider liveness and channels; this is proportional to its stated purpose.

The skill can auto-patch runtime config and cron (powerful operations). Auto-fix is bounded by guardrails (dry-run, pause if >3 fields changed, logs before/after). Users should ensure the agent has only necessary permissions and that backups are available before enabling auto-fix.