Weights & Biases Monitor

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: wandb-monitor
Version: 1.0.0

The OpenClaw AgentSkills skill bundle for 'wandb-monitor' is classified as benign. All Python scripts (`characterize_run.py`, `check_runs.py`, `compare_runs.py`, `run_details.py`, `watch_runs.py`) exclusively interact with the Weights & Biases (W&B) API to fetch and analyze training run data, which aligns perfectly with the skill's stated purpose. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation. The `SKILL.md` instructions are clear, guide the agent to use the provided scripts, and do not contain any prompt injection attempts to deviate from the intended functionality or access sensitive, unrelated data.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can view W&B runs, metrics, configs, and summaries available to the logged-in W&B account.

Why it was flagged

The skill explicitly relies on W&B account authentication, which is expected for private run monitoring but gives the scripts access to data available to that W&B identity.

Skill content

wandb login
# Or set WANDB_API_KEY in environment

Recommendation

Use a W&B account/API key with only the access needed for the projects you want monitored, and avoid storing secrets in W&B run configs.

What this means

If used broadly, the skill may surface more W&B project/run information than the user intended to review in the agent session.

Why it was flagged

The skill documents an option that can enumerate all projects for a W&B entity; this is purpose-aligned monitoring behavior but broader than checking a single run or project.

Skill content

`--all-projects` — Check all projects

Recommendation

Prefer explicit entity/project/run arguments unless you intentionally want an all-projects briefing.

What this means

Running the watch script without an entity could check an unintended W&B entity/project set rather than the user's own workspace.

Why it was flagged

The script text says the no-argument mode uses a default entity from config, but the implementation hardcodes a specific entity name.

Skill content

watch_runs.py  # uses default entity from config
...
parser.add_argument("entity", nargs="?", default="chrisvoncsefalvay", help="W&B entity (username/org)")

Recommendation

Always pass the intended W&B entity and projects explicitly, or edit/remove the hardcoded defaults before use.

What this means

Users may need to verify the package environment and publisher trust themselves before relying on the helper scripts.

Why it was flagged

The registry metadata provides limited provenance and no install/dependency declaration even though the included scripts depend on the wandb Python package and W&B authentication.

Skill content

Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.

Recommendation

Install/verify the wandb package from a trusted source and review the included scripts before using W&B credentials.