Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WatchClaw

v1.0.0

Auto-recovery watchdog for OpenClaw gateway. Monitors health, detects bad config changes, and recovers via git stash/revert. Supports native and Docker resta...

by Jarvis Wang (@jarvis4wang)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (watchdog for OpenClaw gateway) matches the runtime instructions and required binary: the skill needs a watchclaw CLI that monitors health, inspects the gateway config repo, and performs git stash/revert and restart actions. The requested binaries and config paths (GATEWAY_CONFIG_DIR) are coherent with this purpose.
! Instruction Scope
The SKILL.md instructs running the watchclaw CLI which will access the user's OpenClaw config repo (default ~/.openclaw), run git stash/git revert, and restart the gateway or a Docker container. Those operations are within the claimed scope, but they are destructive by nature (changing repo state, reverting commits, stashing) and can cause data loss if used without backups. The SKILL.md's install metadata also suggests running a remote script via curl | bash, which grants the remote content broad permission to run arbitrary commands on the host.
! Install Mechanism
The SKILL.md metadata recommends installing via a curl -fsSL https://raw.githubusercontent.com/.../install.sh | bash pattern (remote script piped to shell). While the URL is GitHub raw (a commonly used host), piping remote scripts to bash is high-risk because it executes remote code immediately without local inspection or signature verification. The package also includes a local install.sh that downloads files from raw.githubusercontent.com (safer than piping to bash but still downloads code from remote sources without verification).
Credentials
The skill declares no required credentials or env vars and the runtime behavior doesn't demand unrelated cloud credentials. It does reference optional env/config variables (e.g., WATCHCLAW_CONF, OPENCLAW_BIN, ALERT_WEBHOOK_URL) that are reasonable for operation. There are no unexpected credential requests in the metadata.
Persistence & Privilege
always:false (good). The skill is allowed to be invoked autonomously (platform default); combined with its behavior (modifying a git repo, restarting processes/containers, and sending webhooks), that grants it significant local effect. This is consistent with a watchdog but increases blast radius — run with caution and restrict execution contexts as appropriate.
What to consider before installing
This skill is coherent with its stated purpose but has meaningful operational risks you should consider before installing:
- Audit the code before running: inspect the watchclaw and watchclaw.sh scripts (the package downloads these from GitHub raw). Do NOT run the curl ... | bash install command without reviewing the script. Prefer cloning the repository and reviewing files locally.
- Back up your OpenClaw config repo (and any important branches) before letting Watchclaw run — it will run git stash and git revert and can change repo history or discard uncommitted work.
- Test in a non-production environment first and use DRY_RUN=1 to verify alerting/behavior without performing destructive actions.
- If you use webhooks or alert commands, avoid embedding secrets in the config file unless you trust the script; restrict network access or use a dedicated, limited webhook URL.
- Consider running watchclaw under a dedicated user or container with limited permissions so it can restart the gateway/container but cannot access unrelated user files.

If you want a safer install flow: clone https://github.com/jarvis4wang/watchclaw, inspect the install.sh and the watchclaw scripts locally, then run the local install.sh (or copy the scripts manually) rather than piping a remote script directly into bash.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

🦞 Clawdis
Bins: watchclaw
