Skill v1.2.1

ClawScan security

Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 9:32 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and required variables are coherent with its stated purpose (monitor Claude/Anthropic via the local OpenClaw gateway and send Telegram alerts); no unexplained credentials, hidden endpoints, or unexpected install behaviors were found.
Guidance
This skill appears to do what it claims, but review and confirm before installing:
1) You will give the skill your OpenClaw gateway token (sensitive), which it stores in ~/.openclaw/skills/claude-watchdog/claude-watchdog.env; make sure you are comfortable storing that token and that the file permissions remain restrictive (setup sets 600).
2) The setup installs cron jobs that run every 15 minutes — back up your existing crontab if you want to review changes first.
3) The registry metadata marks TELEGRAM_TOPIC_ID (and some other vars) as required, but the scripts treat them as optional with defaults — expect a minor metadata/documentation mismatch.
4) The scripts only contact status.claude.com, your local OpenClaw gateway (localhost), and the Telegram Bot API; verify you are comfortable with those endpoints receiving the minimal probe/status data.
If any of these points are concerning, inspect the three scripts directly and/or run setup.sh interactively and review the written env file before allowing cron installation.

Review Dimensions

Purpose & Capability
ok: Requested binaries (python3, crontab, curl), Telegram tokens/IDs, and the OpenClaw gateway token/port are all used by the included scripts. MONITOR_MODEL/PROBE_MODEL/PROBE_AGENT_ID are used to target and tag probes and status filtering. No unrelated cloud credentials or services are requested.
Instruction Scope
note: Runtime instructions are scoped to (1) polling status.claude.com, (2) probing the local OpenClaw gateway, and (3) sending Telegram messages. The setup script installs cron jobs, writes a single env file under ~/.openclaw/skills/claude-watchdog/, and runs an initial check — all described in SKILL.md. The SKILL.md and setup instruct how to locate the OpenClaw gateway token (reading ~/.openclaw/openclaw.json) — this is required for probes but is sensitive and worth conscious consent from the user.
Install Mechanism
ok: This is instruction-only (no external install/download). setup.sh writes config and installs cron jobs. No third-party packages or arbitrary downloads are performed. Cron-based persistence is the expected mechanism for periodic monitoring.
Credentials
note: Env vars requested map to the functionality (Telegram + gateway + probe/status tuning). Minor inconsistency: TELEGRAM_TOPIC_ID is declared as a required env in the registry metadata but treated as optional in SKILL.md and the scripts. PROBE_MODEL and PROBE_AGENT_ID also have sensible defaults in code despite being listed in the required envs. The OpenClaw gateway token is sensitive but justified by the probe design.
Persistence & Privilege
ok: The skill does not request always:true and does not alter other skills' configuration. It installs user-level cron jobs and stores its own config/state under ~/.openclaw/skills/claude-watchdog/ with permissions set to 600 — this is a reasonable level of persistence for a monitoring tool.