Claw Reliability
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is coherent for agent observability, but it handles local agent transcript data and can send optional webhook alerts, so users should understand those data flows before enabling it.
This appears suitable for its stated observability purpose. Before installing, be aware that it reads OpenClaw session transcripts, keeps a local SQLite metrics database and alert log, runs a local dashboard, and may send alert summaries to external webhooks if you configure them. Use trusted webhook destinations and protect the local data files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Local metrics may include sensitive tool names, arguments, errors, paths, session IDs, token usage, and cost data.
The skill intentionally collects and persists agent transcript-derived data, including tool arguments, which may contain sensitive context even though the storage is local and purpose-aligned.
This skill reads OpenClaw gateway events and session transcripts to extract: ... Tool invocations ... arguments ... All data is stored in a local SQLite database at `{baseDir}/data/metrics.db`.
Use it only on trusted machines, protect or periodically delete data/metrics.db and alert logs, and avoid enabling it for sessions that may contain secrets unless you are comfortable with local retention.
A configured Discord or other webhook can receive alert messages derived from local agent activity, including sanitized error snippets or operational metadata.
When the user configures a webhook, alert data is sent to that external endpoint; this is disclosed and sanitized, but the webhook becomes a data boundary.
req = urllib.request.Request(self.webhook_url, data=data, headers={"Content-Type": "application/json", "User-Agent": "claw-reliability/1.0"}, method="POST")
Only use trusted webhook URLs, assume the destination can read alert content, and review alert details before enabling external notifications in sensitive environments.
Anyone with access to the config file may be able to see or reuse the webhook URL, and the skill can post to the configured channel.
The optional Discord webhook URL is stored in the skill configuration and gives the skill delegated ability to post alerts to that Discord destination.
cfg.setdefault("alert_destinations", {})["discord"] = {"enabled": True, "webhook_url": args.webhook_url}
Treat webhook URLs as credentials, keep config.yaml private, rotate the webhook if exposed, and remove it when alerts are no longer needed.
Opening the dashboard depends on external CDN resources, which may be undesirable in air-gapped or high-security environments.
The dashboard loads browser JavaScript from public CDNs, which is purpose-aligned for a web UI but adds third-party supply-chain dependence.
<script src="https://cdnjs.cloudflare.com/ajax/libs/react/18.2.0/umd/react.production.min.js"></script> ... <script src="https://cdnjs.cloudflare.com/ajax/libs/babel-standalone/7.23.9/babel.min.js"></script>
For sensitive deployments, vendor these assets locally or add integrity/pinning controls, and install Python dependencies from trusted, pinned sources.
