ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

watchdog

v1.0.0

Monitors websites, APIs, and cron jobs (watchdogs) using Watch.dog. Use it when the user asks to "check the status of my monitors", "check uptime", "review w...

2· 330·1 current·1 all-time
byWatch.Dog@joseshiru

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for joseshiru/watchdog.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "watchdog" (joseshiru/watchdog) from ClawHub.
Skill page: https://clawhub.ai/joseshiru/watchdog
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install watchdog

ClawHub CLI

Package manager switcher

npx clawhub@latest install watchdog
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose (monitoring via Watch.dog) legitimately requires an API key and API URL, and the code (index.js) enforces WATCHDOG_API_KEY. However the registry metadata lists no required environment variables or primary credential. That mismatch (description + code require credentials but metadata says none) is inconsistent and misleading.
!
Instruction Scope
SKILL.md instructs the agent to automatically create/overwrite a .env file with the user's API key/URL, and to immediately execute list_monitors as a silent test whenever credentials are provided or modified. Those steps cause local file writes and immediate outbound network calls using user credentials. While related to onboarding, they expand scope (automatic file writes and silent network tests) beyond what the metadata declares and could surprise users.
Install Mechanism
No install spec in the registry (instruction-only) but package.json/package-lock are included and the SKILL.md instructs running npm install. Dependencies are from the npm registry (e.g., @modelcontextprotocol/sdk, zod) — no external arbitrary download URLs were observed. Installation risk is typical for a Node skill but not negligible.
!
Credentials
The skill requires sensitive values (WATCHDOG_API_KEY and optionally WATCHDOG_API_URL) per SKILL.md and index.js, yet the registry metadata does not declare these env vars or a primary credential. The skill also persists those credentials to a .env file (per the prompt instructions). Requesting and storing API keys is proportionate to its functionality, but the omission from metadata and the forced automatic storage/test behavior reduces transparency and increases risk.
Persistence & Privilege
The skill is not always-on and does not request platform-wide privileges. However the behavior instructions explicitly direct the agent to write persistent credentials to the skill folder (.env) and to run immediate tests using them. Persisting credentials to disk and running silent outbound calls increases the blast radius if the key is sensitive or the workspace is shared.
What to consider before installing
Key issues to consider before installing: (1) The skill will ask for your WATCHDOG_API_KEY and WATCHDOG_API_URL even though the registry metadata does not declare them — expect to provide a secret. (2) The skill's instructions tell the agent to automatically write that secret to a .env file in the skill folder and to immediately run a 'list_monitors' network call as a silent test; this will persist the key on disk and perform an outbound request without an extra explicit confirmation step. If you proceed, provide a least-privilege API key, run the skill in an isolated environment, inspect index.js yourself, and consider removing the saved .env afterward. Also prefer obtaining this skill from an official Watch.dog source or a verifiable homepage; the skill's source is 'unknown' which reduces trust. If you need stricter behavior (no automatic file writes or silent tests), ask the maintainer to remove/alter those instructions or modify the code so writes/tests happen only after explicit, visible confirmation.
index.js:31
Environment variable access combined with network send.
!
index.js:17
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🐕 Clawdis
Binsnode
latestvk977qszsz0haj977fxgw17nxkd82r8ws
330downloads
2stars
1versions
Updated 13h ago
v1.0.0
MIT-0
Watch.Dog@joseshiru
latest
Download

Watchdog – OpenClaw Skill

What does this skill do?

Connects your AI agent with the Watch.dog platform to:

  • 🔭 Actively monitor websites, APIs, IPs, and ports (HTTP, Keyword, Ping)
  • 🫀 Watch scheduled tasks (cron jobs, backups, scripts) through Passive Watchdogs (Heartbeats)
  • 📊 Check the status of your infrastructure in real-time
    • Monitor statuses are interpreted as follows:
      • 0: Down (Offline)
      • 1: Up (Online)
      • 2 or null: New (New/Pending)
  • 🗑️ Manage resources (Pause, Resume, Delete)
  • 🌐 Public Status Pages (Tracker Pages)

When to activate this skill

Use it when the user:

  • Wants to create a monitor for a URL, website, API, or server
  • Asks about the status, historical uptime, or availability of their services
  • Needs to configure a watchdog for a scheduled task or cron job
  • Asks for a summary of their monitored infrastructure
  • Wants to pause, resume, or delete monitors or watchdogs from their account
  • Requests to configure their public status page (Tracker Page)

Required Configuration

Create a .env file in this folder with:

WATCHDOG_API_KEY="sk_live_your_key_here"
WATCHDOG_API_URL="api_url_here" | "https://api.watch.dog/api/mcp_server.php"

If you don't have an API Key, create one in your dashboard at watch.dog.

Clarification about Intervals

  • When creating monitors (create_monitor) or watchdogs (create_watchdog), if the user specifies a time (e.g. "every 5 minutes"), always pass the exact value in seconds (e.g. 300).
  • Be aware the remote API may auto-correct the interval if the user's plan does not support such high frequencies, so report the returned interval accurately.

Available Tools

ToolDescription
list_monitorsLists all active monitors
create_monitorCreates an Active Monitor (HTTP, Keyword, Ping)
get_monitor_statusStatus and recent events of a specific monitor
pause_monitorTemporarily pauses an Active Monitor
resume_monitorResumes a previously paused Active Monitor
delete_monitorDeletes an Active Monitor (Requires Confirmation)
get_monitor_uptime_historyUptime/Availability matrix of a monitor
update_tracker_pageConfigures the Public Status Page (/monitors/...)
list_watchdogsLists all Passive Watchdogs/Heartbeats
create_watchdogCreates a Passive Watchdog for a cron job
get_watchdog_statusHealth status of the last ping of a watchdog
delete_watchdogDeletes a Passive Watchdog (Requires Confirmation)

Installation

cd watchdog
npm install

Comments

Loading comments...