Skillv1.0.0

ClawScan security

Pc Monitor Cn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 25, 2026, 1:20 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is a small, self-contained PC/system monitoring skill whose code matches its description and does not request credentials or contact external services beyond optionally installing psutil from PyPI at runtime.
Guidance: This skill appears to be a straightforward local system monitor. Things to consider before installing: (1) monitor.sh will call 'pip3 install psutil' at runtime if psutil is missing — consider installing psutil yourself in a virtualenv or your user environment to avoid modifying system Python packages; (2) run the scripts locally to verify output before integrating them into an automated workflow; (3) the README/SKILL.md reference 'system-monitor' paths while the registry slug is 'pc-monitor-cn' — this is likely a packaging/name mismatch but not necessarily malicious; (4) because the script can install packages, avoid running it as root unless you intend to modify system-wide Python packages. No credentials or network exfiltration are present in the code.

Purpose & Capability: okThe skill name/description (PC/system resource monitoring) matches the included Python and shell scripts which collect CPU, memory, disk and network stats. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope: noteSKILL.md and README instruct running the included scripts only. The shell wrapper will attempt to install psutil via pip3 if it's missing, which triggers a network installation step at runtime; aside from that, the scripts only read local system metrics via psutil/shutil and do not reference other files, env vars, or external endpoints. Minor packaging inconsistency: the docs and script paths use 'system-monitor' while the registry slug/name is 'pc-monitor-cn'.
Install Mechanism: noteNo formal install spec is provided (instruction-only skill), but monitor.sh auto-installs the dependency psutil using 'pip3 install psutil -q' if it's not present. Installing from PyPI at runtime is expected for this purpose but can change system Python packages; there is no pinned version or use of a virtual environment.
Credentials: okNo environment variables, credentials, or config paths are requested. The code does not attempt to access secrets or unrelated configuration.
Persistence & Privilege: okThe skill is user-invocable, not always-enabled, and does not modify other skills or system settings. It does not request persistent privileges beyond normal script execution.