A 0-token jobs + monitoring framework for OpenClaw: run long-running read tasks via scripts, checkpoint/resume safely, and send periodic progress + immediate alerts to Telegram. Write jobs are blocked by default and must be explicitly approved and verified.
Security Analysis
high confidenceThe skill's files, instructions, and runtime behavior are coherent with a local jobs+monitoring tool that reports status via OpenClaw or Telegram; nothing requested or installed is disproportionate to that purpose.
Name/description match the included materials: SKILL.md/OPS_FRAMEWORK.md describe a local jobs monitor and ops-monitor.py implements it. The script's behaviors (running configured job commands, checking statuses, and sending Telegram messages via openclaw or a bot token in openclaw.json) are exactly what the skill claims.
Runtime instructions keep activity local (copy files to OPENCLAW_HOME, run python3 ops-monitor.py, configure ops-jobs.json). The script intentionally executes user-provided commands from job configs and sends status/alerts to Telegram; this is part of the stated purpose but means the tool can surface any command output (including sensitive data) if you configure jobs to produce it. One-shot write jobs are documented as blocked by default, and example configs default to disabled jobs.
No install spec or remote downloads are present — this is instruction-only with a local Python script. Nothing is fetched from external URLs during install.
The skill requires no declared env vars or external credentials, but at runtime the script reads OPENCLAW_HOME/openclaw.json (to discover Telegram target and botToken) and will use an available openclaw binary if present. Reading that config and optionally using the bot token is proportional to the skill's 'send Telegram alerts' feature; however openclaw.json may contain sensitive tokens, so granting the script access effectively gives it permission to send arbitrary messages via that token.
always:false (normal). The script writes its own state under ~/.openclaw/net/state/ops-monitor.json and config is stored under ~/.openclaw/net/config; it does not request persistent platform-wide privileges or modify other skills. That level of persistence is expected for a local monitor.
Guidance
This package is coherent and implements what it says, but review before enabling: 1) Inspect ops-jobs.json and keep all jobs disabled until you trust commands; the script will run whatever command you configure and may include output (stdout/stderr tails) in Telegram alerts. 2) Check your ~/.openclaw/openclaw.json — it may contain a Telegram botToken that the script will use to send messages; only allow the script access if you intend it to send messages. 3) Run python3 ops-monitor.py --print-only / selftest to verify behavior and test with dummy jobs. 4) Do not enable or grant approval for write-type jobs unless you audited the commands and linked verification jobs. 5) Because the source is 'unknown', consider running the script in a limited user account or VM, confirm there are no unexpected network endpoints beyond Telegram API, and lock file permissions on your OpenClaw config/state. If you want higher assurance, request the upstream repo or a signed release for code review.
Latest Release
v0.1.0
Initial release
More by @Zjianru
Published by @Zjianru on ClawHub
