v1.0.0

Service Watchdog

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:02 AM.

Analysis

The skill mostly matches its monitoring purpose, but its TCP fallback can run a shell command built from config values, so a crafted watchdog configuration could execute local commands.

GuidanceReview any watchdog.json before running this skill, especially TCP entries. Prefer using trusted configurations and ensure nc or ncat is installed to avoid the unsafe bash /dev/tcp fallback. If you enable cron, confirm the schedule and history file location are appropriate for your environment.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution

SeverityHighConfidenceHighStatusConcern

watchdog.sh

timeout "$timeout_s" bash -c "echo >/dev/tcp/${host}/${port}"

The TCP fallback builds a bash -c command string using host and port values that come from the watchdog configuration, without visible validation or safe argument passing.

User impactIf a watchdog.json file contains a malicious TCP host or port and nc/ncat is unavailable, running the skill could execute unintended local shell commands.

RecommendationDo not run this skill against untrusted watchdog.json files; the maintainer should validate host and port values and avoid interpolating them into bash -c.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

watchdog.sh

local curl_args=(-s -S -o "$body_file" -D "$header_file" -w '%{http_code}' ... -X "$method" -L --insecure)

HTTPS health checks deliberately disable TLS verification while following redirects. This can be useful for self-hosted services but means a successful HTTP check is not proof the certificate chain or hostname is trusted.

User impactThe skill may report an HTTPS endpoint as responding even when normal TLS validation would fail.

RecommendationTreat the SSL output as an expiry check, not full TLS validation, unless the skill adds a verified-TLS mode or makes insecure checks opt-in.

Rogue Agents

SeverityInfoConfidenceHighStatusNote

SKILL.md

Add to your OpenClaw cron for continuous monitoring: ... Every 5 minutes ... Run `bash skills/service-watchdog/watchdog.sh --json`

The documentation encourages recurring scheduled execution. This is disclosed and aligned with monitoring, but it creates ongoing autonomous checks if the user enables it.

User impactIf scheduled, the skill will keep probing configured services and producing alerts/history until the cron job is removed.

RecommendationEnable cron only for watchlists you trust, and review the schedule, output, and history retention settings.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

metadata

Required binaries (all must exist): none

The registry metadata does not declare required binaries, while SKILL.md says the script requires tools such as curl, openssl, nc/ncat, dig/nslookup, and jq.

User impactInstallation may look dependency-free even though the script needs local command-line tools to work correctly.

RecommendationCheck that the documented tools are installed before using the skill; the package metadata should be updated to declare its runtime dependencies.