ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

system-health-monitor

v1.0.0

Monitor system health including disk space, memory usage, process status, and evolution metrics to detect potential issues early. Use when checking system he...

0· 66·0 current·0 all-time
by@jpengcheng523-netizen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (system health: disk, memory, processes, evolution, skills) aligns with the code and SKILL.md. The skill reads OS stats, runs a local 'df' command, and inspects local 'logs' and 'skills' directories — all consistent with monitoring system health.
Instruction Scope
SKILL.md instructs use of check() and formatReport(); the implementation follows that. It also reads files under process.cwd()/logs and process.cwd()/skills to determine evolution cycles and skill count — this is within the declared purpose but means the skill will access local log and skills directories. The code may throw if the 'logs' directory is absent (caught by the caller), so behavior can vary by environment.
Install Mechanism
No install spec (instruction-only with an included index.js). Nothing is downloaded or written to disk by an installer; risk from installation is minimal.
Credentials
No environment variables, credentials, or external config paths are requested. Access to the local filesystem and executing a local 'df' command are proportional to the stated monitoring purpose.
Persistence & Privilege
always:false and no code that modifies other skills or system-wide agent settings. The skill does not request persistent privileges or special presence.
Assessment
This skill appears coherent with its purpose. Before installing, consider: (1) it reads local files under the current working directory (./logs and ./skills) — ensure those directories don't contain sensitive data you don't want a skill to read; (2) it invokes a shell command ('df -h /') via child_process.execSync — that is local-only but platform-dependent and may not exist on Windows; (3) test the skill in a safe environment first to confirm behavior and to verify how it handles missing directories. If you prefer, inspect or run the included index.js yourself (it's small and self-contained) before giving it runtime access.
index.js:117
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978593njfnjbcxkm0hr2em05x83jgg2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments