Procmon
Pass
Audited by ClawScan on May 10, 2026.
Overview
Procmon is a coherent local process-monitoring skill with expected system-inspection commands and optional local logging, with no evidence of hidden network access, credential use, or destructive behavior.
Before installing, be aware that this skill can inspect local processes and listening ports, and its log command can save process details under ~/.procmon. The provided artifacts do not show hidden network transmission, credential handling, or destructive process-control actions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When used, the skill may show the agent process names, PIDs, resource usage, and listening ports on the machine.
The script invokes standard local diagnostic tools to enumerate processes and listening network ports. This is expected for Procmon's stated purpose, but it gives the agent visibility into local system activity.
ps aux --sort=-%cpu ...; ss -tlnp ...; netstat -tlnp ...
Use it only in environments where sharing local process and port information with the agent is acceptable.
Process-monitoring results can remain on disk after the command finishes.
The log command persists process-monitoring output to a local file under the user's home directory. This is disclosed and purpose-aligned, but retained logs may contain local process information.
LOG_DIR="${HOME}/.procmon" ... echo "[$ts] process=$name matches=$count" >> "$logfile"
Review or delete files in ~/.procmon if you do not want historical process-monitoring logs retained.
