Runtime Monitor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a coherent local security-monitoring helper, but its reports can include snippets of the text it inspects and its source provenance is limited.
This looks purpose-aligned for local runtime security checks. Before installing, decide whether you trust the publisher, review how reports will be stored or shared, and tune blocking thresholds so the monitor does not accidentally expose sensitive snippets or interrupt legitimate work.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Security reports may contain parts of sensitive prompts, tool outputs, tokens, or credentials that the monitor was asked to inspect.
Detection results store and serialize up to 500 characters of the monitored input. If the monitored text contains secrets, reports or downstream logs could expose a snippet.
"raw_input": self.raw_input[:500] if self.raw_input else "" ... raw_input=text
Treat monitor reports as sensitive data, avoid sending them to untrusted contexts, and consider redacting or disabling raw input capture if integrating this into a broader agent workflow.
Legitimate commands or outputs could be blocked or flagged if they match the regex patterns.
The monitor is designed to flag or block high-scoring tool-call text. This is aligned with the security purpose, but it can affect whether user-requested actions proceed.
def __init__(self, block_threshold: int = 70): ... a risk score above this value triggers blocking
Review and tune thresholds and patterns before relying on it as an enforcement control, especially in workflows where false positives could interrupt important tasks.
Users have less external context for verifying the maintainer, update history, or intended behavior.
The package does not provide a source repository or homepage. This is not malicious by itself, but provenance is important for a security-monitoring component.
Source: unknown; Homepage: none
Review the included code and publisher trust before installing, and prefer a version with a verifiable source repository if it will gate sensitive agent actions.
