SLA Monitor
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: sla-monitor Version: 1.0.0 The skill bundle is classified as suspicious due to the presence of a direct shell command (`docker run`) within the `SKILL.md` file. While the command itself is for a legitimate purpose (installing Uptime Kuma), it represents a potential prompt injection vulnerability, as an AI agent executing arbitrary shell commands from markdown instructions could lead to remote code execution if not properly sandboxed or confirmed by the user. There is no clear evidence of intentional malicious behavior such as data exfiltration or backdoor installation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you run this command, it will start a long-running monitoring service on the host using a third-party container image.
This optional self-hosted monitoring command would pull and run a Docker container, expose port 3001, create a volume, and keep the service restarting; this is aligned with the monitoring purpose but is executable and persistent if used.
docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1
Run it only on an intended host, verify the container image and version, review the exposed port and volume, and know how to stop or remove the container.
If a real Slack webhook is exposed or committed into a shared config, others may be able to send messages to that Slack channel.
The alert configuration template expects a Slack webhook secret for notifications; this is expected for Slack alerting, but a real webhook grants posting ability to the configured Slack destination.
webhook: "${SLACK_WEBHOOK}"Store the webhook securely, use a channel-specific or least-privilege integration, and avoid committing real webhook values into generated files.