ClawHub

Clawprobe

v0.6.9

Monitor OpenClaw agent health, token usage, API cost, and context window in real time. Use when you need to check your own status, inspect context utilizatio...

0· 122·2 current·2 all-time
by@liuhao6741
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description align with the commands and outputs in SKILL.md: all commands relate to monitoring agent health, token/cost usage, context utilization, suggestions, and compaction events. The skill does not ask for unrelated credentials, binaries, or config paths.
Instruction Scope
Instructions only tell the agent to install and run a CLI (clawprobe) and to parse its JSON output. They do not instruct reading unrelated system files or environment variables, but they do instruct starting a daemon (clawprobe start) which may access agent internals or local config once installed—this access is implicit in the CLI and not described in the SKILL.md.
Install Mechanism
There is no install spec in the skill metadata; the README suggests using npm install -g clawprobe. Installing from npm is a common pattern but can execute arbitrary install scripts and will pull code from the public registry. The SKILL.md does not pin a version or link to a specific, audited release artifact.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is consistent with its documentation. Be aware that the installed CLI/daemon could read local agent config or tokens when running even though the skill metadata doesn't request those.
Persistence & Privilege
always is false and model invocation is allowed (normal). However, the instructions encourage running a long‑lived daemon (clawprobe start), which introduces persistence on the host outside the skill metadata—monitor and audit the daemon if you install it.
Assessment
This skill is an instruction-only wrapper that expects you to install an external npm package (clawprobe) and run its CLI/daemon. That pattern is coherent with its purpose but carries the usual risks of installing third-party packages: npm installs can run arbitrary code and a daemon may access local agent config or tokens. Before installing, verify the npm package and repository (check the GitHub homepage, author, recent commits, and published package contents), prefer a pinned version, inspect postinstall scripts in the package, consider installing in an isolated environment or container, and monitor the daemon's network and file activity. If you maintain sensitive agent credentials, confirm the tool's source and exact permissions before running `clawprobe start`.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dgvs5vgjd64v6yex44x5qk183bnt1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦀 Clawdis

Comments