Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Windows Api Monitor
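v1.0.0
Monitors and tallies OpenClaw API calls in Windows environments, supporting real-time analysis, historical tracking and threshold alerts, and generates multi-dimensional usage reports.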
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim to monitor OpenClaw API usage on Windows and the code indeed reads ~/.openclaw logs and computes usage/costs — that is coherent. However SKILL.md references Windows Event Logs and several scripts (PowerShell/batch and other Python modules like report_generator.py, alerts.py, realtime_monitor.py) that are not present in the manifest. The SKILL.md also claims Windows-native features while most code uses the user's home .openclaw paths (which is workable on Windows but is not explicitly adjusted). Overall purpose aligns but the documentation and file manifest mismatch and extra claimed features are unexplained.
Instruction Scope
Runtime instructions tell the agent/user to run Python/PowerShell/batch scripts that read ~/.openclaw/logs and cache model_usage JSON. The code will read and parse log contents and write reports and state files under the skill workspace (reports/, state/). That can include full log lines or JSON entries that may contain user prompts, responses, or other sensitive data. SKILL.md states the skill 'only monitors OpenClaw API usage' and recommends redaction/encryption, but the code does not enforce encryption and default config enables include_details=true and log_redaction=true in settings (redaction appears to be a configuration flag, but I found no evidence of enforced redaction in the parser code). SKILL.md instructs running scripts (e.g., scripts/check_api.ps1, scripts/check_api_fixed.bat) that are not present. Also parts of included Python files appear truncated/buggy (a stray 'p' in api_monitor.py and references to functions/classes that are not defined in the visible code), meaning runtime behavior could fail or behave unexpectedly.
Install Mechanism
There is no install spec (instruction-only), so nothing new is downloaded or executed by an installer. The code bundle is present and intended to be run by the local Python interpreter; this is lower install risk than remote downloads. The SKILL.md states Python 3.8+ is required, but this is not enforced by a platform install step.
Credentials
The skill requests no environment variables or external credentials by default. Configuration supports SMTP credentials and webhook URLs (empty by default) which would allow external notification; those are optional but present in config/settings.yaml. The presence of fields for SMTP username/password and webhook URL is plausible for alerting, but if a user populates those, the skill will be capable of sending parsed log contents externally. Default settings do not require credentials, but the capability to exfiltrate exists if configured.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills. It stores its own state and reports under its workspace (state/, reports/) which is expected for a monitoring tool. Autonomous invocation is allowed by platform defaults and not by itself a red flag here.
Scan Findings in Context
[pre_scan_injection_signals_none] expected: Static pre-scan reported no injection signals. That is consistent with a mostly-local Python utility, but absence of scanner flags does not guarantee safety.
[missing_files_referenced_in_SKILL_md] unexpected: SKILL.md references scripts (check_api.ps1, check_api_fixed.bat, realtime_monitor.py, report_generator.py, alerts.py) and docs that are not present in the file manifest; this mismatch is unexpected and reduces confidence in the package.
[potential_sensitive_data_collection] expected: The skill reads OpenClaw logs (~/.openclaw/logs) and may include full log content in reports (config includes include_details=true). Collecting logs is expected for usage monitoring, but these logs often contain prompts/responses; storing or sending them without enforced redaction/privacy controls is a privacy risk.
[code_truncation_or_syntax_issue] unexpected: Some included files appear truncated or contain stray characters (e.g., an isolated 'p' in api_monitor.py before truncation) and some referenced functions/classes (e.g., check_and_alert) are not present in the visible code; this indicates the distributed code may be incomplete or buggy.
[external_notification_capability] expected: Config allows SMTP/webhook notifications (reasonable for alerts). This capability is expected but means if a user configures webhook/email creds, parsed log data could be sent externally — the presence of this capability is expected for alerting but requires user caution.
What to consider before installing
This skill generally matches its stated purpose (reading OpenClaw logs to report API usage), but I recommend caution before running it on a machine with sensitive prompts or private data. Actionable steps:
- Inspect the repository locally before running: open the scripts to confirm no unexpected network calls or obfuscation. Pay special attention to any code that uses requests, urllib, smtplib, or subprocess to call external endpoints.
- Note the manifest/documentation mismatch: SKILL.md references several scripts that are not included. That suggests the package may be incomplete or stale — expect runtime errors.
- Because the tool reads ~/.openclaw/logs and can include detailed logs in reports (include_details=true), assume reports may contain sensitive prompts/responses. If you must run it, either set include_details=false and set security.encrypt_sensitive=true (and verify the code actually performs encryption/redaction) or run the tool on a copy of the logs that you have redacted.
- The config supports webhook/email alerts. Do not configure webhook URLs or SMTP credentials unless you trust the destination; test in a local, isolated environment (VM) first.
- Consider running the scripts in a sandbox/VM account with limited data (or on a non-production machine) and review generated reports in reports/ before allowing persistent scheduling (Task Scheduler or continuous mode).
- If you rely on this skill for production monitoring, obtain a complete, verified release that contains the missing referenced files and fix the apparent code truncation/bugs; otherwise treat this package as untrusted.
Like a lobster shell, security has layers — review code before you run it.
