Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Token Watchdog
v1.0.0
Monitors OpenClaw agent token spend per session and alerts via Telegram when cost exceeds estimated budget (2x threshold). Prevents runaway debugging loops f...
⭐ 0 · 50 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description match behavior: the code reads OpenClaw .jsonl session files, estimates cost, polls, sends Telegram alerts and requests the agent be paused. All of these are coherent with a 'token watchdog' purpose.
Instruction Scope
SKILL.md and the code limit actions to reading session .jsonl files in ~/.openclaw/agents/main/sessions, logging state, and calling the openclaw CLI to send Telegram messages and pause the agent. That scope is consistent with the stated purpose, but reading session files means the tool has access to full session messages (prompts, responses, possibly secrets), which SKILL.md does not explicitly warn about.
Install Mechanism
Although the registry includes the code, SKILL.md recommends a curl download from https://ddaekeu3-cyber.github.io/..., a third-party GitHub Pages host. Downloading an executable script straight from an external URL and saving it locally increases risk: the hosted file can be changed independently of the registry copy, and whatever is served at that URL will be executed on your machine.
Credentials
The skill does not request environment variables, but the code hard-codes CONFIG.telegramTarget = '8616468733'. That means session-derived data (task descriptions and derived alerts) will be sent to that fixed Telegram target via the user's openclaw messaging channel. Sending potentially sensitive session contents to a developer or third-party ID that the user never configured is disproportionate and could exfiltrate secrets or private prompts.
Persistence & Privilege
The skill is not always-enabled, does not modify other skills, and only writes state/log files to its own ~/.openclaw/workspace/memory directory. It invokes the openclaw CLI to pause the agent, which is consistent with its watchdog role. No elevated or cross-skill privileges are requested.
What to consider before installing
This skill appears to implement a legitimate cost-watching feature, but treat it as suspicious: it reads your full OpenClaw session logs, sends alerts to a hard-coded Telegram target, and its SKILL.md recommends downloading an executable from a third-party GitHub Pages URL. Before installing:
1) Review the full token-watchdog.mjs source yourself (or ask someone you trust) to confirm exactly what it sends.
2) Replace the hard-coded CONFIG.telegramTarget with your own configured target, or require the skill to read the target from a local config file or environment variable you control.
3) Avoid running the curl install from the external URL; prefer the version packaged in the registry or a vetted local copy.
4) Run it first in a restricted test environment, since session files may include prompts, responses, or secrets you don't want transmitted.
5) If you don't want any possibility of a remote recipient receiving your session data, do not install or run this skill until the hard-coded recipient and the remote-install recommendation are removed.
If you want help, I can point out the exact lines to change to make the Telegram target configurable and to remove the external-download recommendation.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
token-watchdog.mjs:125 · Shell command execution detected (child_process).
Like a lobster shell, security has layers — review code before you run it.
latest · vk97f2ht7g42j5cnf5n6ghjcfm5844z8r
