ClawHub

System Monitor

PassAudited by ClawScan on May 4, 2026.

Overview

The skill appears to be a straightforward local system monitor, but it can display host/process details and run continuously when asked.

This skill looks safe for its stated purpose. Before installing or running it, remember that process listings can expose command-line details and watch mode runs until stopped; use it only on systems you are comfortable inspecting.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence
ASI02: Tool Misuse and Exploitation
What this means

Running the skill may reveal local process names, users, and command-line arguments in the agent's output.

Why it was flagged

The script runs a fixed local process-listing command and captures process command lines. This is expected for process monitoring, but command lines can contain sensitive parameters.

Skill content
result = subprocess.run(
            ['ps', 'aux', '--sort=-%cpu'],
            capture_output=True, text=True
        )
...
'command': ' '.join(fields[10:])
Recommendation

Use it only on systems you intend to inspect, and review process output before sharing or storing it.

NoteHigh Confidence
ASI04: Agentic Supply Chain Vulnerabilities
What this means

The skill may fail or behave differently on non-Linux systems or environments without these standard tools.

Why it was flagged

The implementation assumes Linux /proc files and system binaries such as df, while the metadata declares no required binaries or OS restriction. This is purpose-aligned but under-declared.

Skill content
with open('/proc/stat', 'r') as f:
...
result = subprocess.run(['df', '-B1', '-T'], capture_output=True, text=True)
Recommendation

Treat it as a Linux-oriented monitor and verify that df and ps are available before relying on it.

NoteHigh Confidence
ASI10: Rogue Agents
What this means

If run in watch mode, the command keeps using the terminal and continues collecting/displaying system status until stopped.

Why it was flagged

Watch mode repeats indefinitely until interrupted. This is disclosed and foreground-only, but users should notice the long-running behavior.

Skill content
while True:
            status = get_status()
...
            if args.watch:
                time.sleep(args.interval)
...
    except KeyboardInterrupt:
        print("\nStopped")
Recommendation

Run watch mode intentionally, use a reasonable interval, and stop it with Ctrl-C when monitoring is no longer needed.