Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Overkill Mission Control
v1.0.1Comprehensive Mission Control dashboard for OpenClaw - monitor agents, automation, teams, documents, messages, and system metrics. Features real-time dashboa...
⭐ 0· 309·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to be a dashboard (Next.js) which reasonably needs Node/Next and a way to serve port 3000, but the registry metadata lists no required binaries/envs while the SKILL.md clearly expects npm, Node.js 22+, Next.js, SQLite and tailscale. The instructions also hardcode a username (User=broedkrummen) and reference host paths (/etc/systemd, /mnt/openclaw/state), which is unusual and brittle for a generic dashboard.
Instruction Scope
The runtime instructions tell the operator/agent to create systemd service files under /etc/systemd/system, run sudo tailscale serve as root, run npm in a home workspace, and read/write databases under /mnt/openclaw/state. These are host-wide, privileged operations (creating services, invoking sudo) and reference specific user/home paths; the skill also tells the agent to trigger polling endpoints that execute tasks, which increases the risk surface.
Install Mechanism
This is instruction-only (no install spec), so there is no archive download or package installation performed by the skill bundle itself. However the embedded frontmatter lists install steps (npm install in mission-control, creation of systemd units) — those steps would write privileged files on the host if followed. There are no external download URLs, which reduces one class of risk, but the instructed host modifications are high-impact.
Credentials
The skill declares no required env vars or primary credential, yet the instructions require services and tools (Node.js, npm, tailscale, systemd access) and access to host DB paths. It also hardcodes a specific system user and expects root/sudo for the tailscale service. Requesting elevated privileges and direct access to /mnt/openclaw/state without declaring them is disproportionate to the stated metadata.
Persistence & Privilege
Although always:false, the instructions persistently modify the host by creating systemd services (mission-control.service and tailscale-serve.service) and configuring long-running processes that run as a particular user or root. That gives the skill (or an agent executing these steps) long-lived presence on the host and potential to run autonomously — combining persistence with privileged operations is high-risk.
What to consider before installing
Do not run these instructions on a production host without review. The SKILL.md asks you to create systemd services, use sudo/root, and expose a local port via Tailscale while referencing hardcoded usernames and host DB paths — but the registry metadata lists no requirements. Before installing: 1) verify the upstream source (the GitHub link is generic); 2) review the exact service unit files and remove hardcoded usernames or unnecessary sudo; 3) run in an isolated VM/container or staging host first; 4) do not grant root to unknown code and avoid exposing private agent endpoints via Tailscale unless you understand the access model; 5) request the author to declare required binaries/envs and to avoid hardcoded paths; and 6) if you plan to let agents invoke this autonomously, be aware that persistence + privileged actions significantly increases blast radius.Like a lobster shell, security has layers — review code before you run it.
automationvk9767q7z5vt6z66a4jp37ysme982gdbrdashboardvk9767q7z5vt6z66a4jp37ysme982gdbrlatestvk9767q7z5vt6z66a4jp37ysme982gdbrmission-controlvk9767q7z5vt6z66a4jp37ysme982gdbrmonitoringvk9767q7z5vt6z66a4jp37ysme982gdbropenclawvk9767q7z5vt6z66a4jp37ysme982gdbr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎯 Clawdis