ClawHub

Neomano VPS Monitoring (DigitalOcean)

v0.1.2

Monitor DigitalOcean VPS droplets by listing instances and fetching CPU, memory, disk, and bandwidth metrics with summaries using the DigitalOcean API.

1· 115·0 current·0 all-time
by@elandivar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md and scripts implement DigitalOcean droplet listing and metric queries that match the skill description. However, the top-level registry 'Requirements' section listed no required env vars or binaries while the SKILL.md (and the script) require python3 and DIGITALOCEAN_TOKEN — an inconsistency to be aware of.
Instruction Scope
Runtime instructions only tell the agent to read DIGITALOCEAN_TOKEN and call the DigitalOcean API endpoints to list droplets and fetch metrics. The code does not read other files or env vars, nor does it send data to endpoints outside api.digitalocean.com.
Install Mechanism
There is no install spec (instruction-only style) and the included Python script runs in-place. No external binary downloads or archive extracts are used.
Credentials
The script requires a single credential (DIGITALOCEAN_TOKEN) which is appropriate for the stated purpose. The registry metadata failing to declare that requirement is an inconsistency; verify you provide a token with minimal necessary scope (read/monitoring-only) before use.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide configuration changes, and does not modify other skills' configs. It runs only when invoked.
Assessment
This skill appears to be what it says: a Python helper that queries DigitalOcean's official API. Before installing: (1) Confirm the registry metadata mismatch — the skill requires python3 and DIGITALOCEAN_TOKEN even though the top-level listing omits them. (2) Create a DigitalOcean token scoped as narrowly as possible (read/monitoring only) and avoid reusing a high-privilege token. (3) Review the full script locally (you already have it) and run it in a test environment or sandbox first. (4) Prefer supplying the token via a controlled environment file (e.g., ~/.openclaw/.env) or CI secret store rather than pasting it into chat. (5) Rotate the token if you stop using the skill or if you share it with others.

Like a lobster shell, security has layers — review code before you run it.

digitaloceanvk975bt7w7wzrkcshp0nt5s9h25834chedropletsvk975bt7w7wzrkcshp0nt5s9h25834chelatestvk97abga5dgqjxvt7pxdd47efs1839bfsmetricsvk975bt7w7wzrkcshp0nt5s9h25834chemonitoringvk975bt7w7wzrkcshp0nt5s9h25834chevpsvk975bt7w7wzrkcshp0nt5s9h25834che

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments