ClawHub

Mission Control

v1.0.0

CLI-first system health aggregator for autonomous AI agents. Query all agent processes, resources, cron jobs, and services in one shot. Use when a user asks...

1· 438·1 current·1 all-time
by@dhawala4
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided files: mctl.sh inspects processes, resources, cron entries, and services (including openclaw CLI calls). No unrelated credentials, downloads, or tools are requested. package.json points to the same script as main.
Instruction Scope
Runtime instructions and the script perform broad local reads (pgrep/ps, /proc/loadavg, free, df, systemctl, journalctl, ss, and optionally openclaw and nvidia-smi). This is expected for a monitoring tool, but those operations can reveal sensitive local information (process command lines, logs). The SKILL.md clearly documents the commands and requires confirmation for restart operations.
Install Mechanism
No network install or external downloads; install is a local copy (clawhub or cp). No extract-from-URL or third-party package registries are used.
Credentials
The skill declares no required environment variables or credentials and the script does not attempt to read secrets from unrelated env vars or config paths. It sets a temporary TMPDIR internally when producing JSON.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill can be invoked autonomously by the agent (disable-model-invocation:false), which is platform default; combined with the ability to read logs/process lists, autonomous runs could expose system state without interactive user review. Restart requires sudo and the script documents confirmation is required.
Assessment
This skill appears to do what it says: local monitoring of OpenClaw-related processes, resources, cron jobs, and systemd services. Before installing: 1) Review the mctl.sh script yourself (it runs journalctl, systemctl, pgrep, etc.) if you have sensitive logs or process command-lines you don't want exposed. 2) Ensure the agent will ask you before performing a restart (restart uses sudo). 3) Because the agent can invoke skills autonomously by default, consider whether you trust the agent to run this tool without interactive approval — it only accesses local state and does not call external endpoints, but it can collect potentially sensitive local information. 4) Optionally test on a non-production host first. Minor note: some JSON output paths in the script look slightly buggy (harmless but may affect machine-readable output).

Like a lobster shell, security has layers — review code before you run it.

latestvk972dvhy4rtc8henpgzf95c47n82c91h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments