Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Session Monitor
v1.7.0 · Real-time OpenClaw session monitor that tails JSONL transcripts and pushes formatted updates to Telegram as a persistent background process. Use when asked t...
by @jusaka
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw · Suspicious · medium confidence
Purpose & Capability
The code and SKILL.md implement a Telegram-backed session monitor: it reads JSONL session files, parses and formats them, and posts the result to api.telegram.org. Requiring a Telegram BOT_TOKEN and CHAT_ID is coherent with that purpose. However, the registry/manifest claims no required env vars while the included SKILL.md and scripts/config.js clearly expect BOT_TOKEN, CHAT_ID, and AGENT_NAME — this metadata mismatch reduces trust.
Instruction Scope
Runtime instructions and the code instruct the agent to read all JSONL transcript files in the agent's sessions directory and continuously push formatted HTML to a Telegram chat. This behavior is expected for a monitor, but it means potentially sensitive session data (user inputs, tool outputs, prompts, subagent context) will be transmitted to an external endpoint. The parser strips some known metadata, but there is no guarantee all secrets are removed. The skill also writes a .pid and log files in its directory (expected for a daemon).
Install Mechanism
No network download/install spec is present and the package is instruction + local scripts only. There are no external archive downloads or package installs; the sender uses Node's https to call Telegram's official API host. This is low install risk.
Credentials
The code legitimately needs BOT_TOKEN and CHAT_ID (and AGENT_NAME) to operate; those are proportionate to the stated functionality. The manifest/registry incorrectly lists 'Required env vars: none', which is inconsistent. Also, the skill loads a local .env into process.env (scripts/config.js) — ensure .env is stored securely and not committed to shared repos.
Persistence & Privilege
The skill is not marked always:true and is user-invocable. It runs as a background process started manually (or via nohup) and writes only its own .pid/log files. It does not modify other skills or system-wide configs.
What to consider before installing
Before installing:
- Verify origin: the registry metadata omits required env vars but the shipped code needs BOT_TOKEN, CHAT_ID, and AGENT_NAME — confirm you trust the repository/source.
- Understand data flow: this runs continuously and will push your agent's session transcripts (user inputs, tool outputs, prompts, possibly sensitive data) to a Telegram chat. Only provide a bot token and chat ID under your control and use a private, restricted chat.
- Secure secrets: keep scripts/.env out of version control and restrict filesystem access to the sessions directory and the .env file.
- Test safely: run node scripts/test.js and run the monitor against a session directory with non-sensitive, synthetic data first.
- Consider alternatives: if you only need one-off inspection, use built-in sessions_list/sessions_history instead of a persistent monitor.
If you cannot verify the source or do not control the destination Telegram chat, treat this skill as risky and do not install.
