workspace-health-dashboard
v1.0.0Unified health monitoring dashboard that consolidates skill quality, dependency security, cleanup needs, and protected skills status into a single health che...
⭐ 0· 74·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the implementation: the code enumerates skills, inspects package.json for dependencies, and produces cleanup/protected-skills reports. The operations performed (reading the skills directory and package.json) are proportional to a health dashboard.
Instruction Scope
SKILL.md shows the same API (generateDashboard, formatDashboard, isHealthy) that index.js implements. However, the SKILL.md's 'Integration' section mentions other skills (skill-cleanup-executor, dependency-vulnerability-scanner) and implies execution/integration that the provided code does not perform. Also the implementation uses a hard-coded default workspacePath ('/root/.openclaw/workspace'), which the docs do not explicitly call out.
Install Mechanism
No install spec or remote installs are present; the package is provided as source (index.js + package.json + SKILL.md). No archives/downloads or exec-based installers are used.
Credentials
The skill declares no required environment variables or credentials and the code does not access environment secrets. It does read filesystem paths (skills directory and package.json) which is appropriate for this tool, but the use of a root-prefixed default path may surprise some users.
Persistence & Privilege
The skill is not marked always:true, does not request persistent system-wide changes in the visible code, and does not modify other skills' configs. The code appears read-only (filesystem reads) and formatting output; no writes/deletions are present in the provided portion.
Assessment
This skill appears to do what it says: scan the workspace skills directory and package.json and produce a summary report. Before installing or running it: 1) review the remaining portion of index.js (the provided file was truncated) to ensure no hidden writes, network calls, or credential access; 2) note the default workspacePath is '/root/.openclaw/workspace' — either supply an explicit workspacePath option or change the default if you don't want it to inspect that location; 3) the SKILL.md mentions integrations that the code does not execute — expect this skill to be a passive auditor, not an automatic cleanup tool; and 4) run it in a non-production environment first to confirm behavior. If you need stronger assurance, request a full, untruncated audit of the file and confirm there are no child_process.exec, network requests, or file-modifying operations.Like a lobster shell, security has layers — review code before you run it.
latestvk970bgnndvqchctsvdhrwzaq6d83nw9c
License
MIT-0
Free to use, modify, and redistribute. No attribution required.