Security Monitor

The skill's code, documentation, and runtime instructions are consistent with a network/file security monitor; it asks for an optional API key and logs monitored URLs/file paths which is proportionate to its purpose but requires careful configuration and trust decisions (especially around the hs-ti dependency and log storage).

This skill appears to implement exactly what it describes, but it performs privacy-sensitive actions you should review before installing: it will automatically intercept OpenClaw network tool calls and may read local files to compute hashes, and it logs URLs and file paths to ~/.openclaw/logs/security-monitor.log by default. Before installing: (1) decide whether to use the SECURITY_MONITOR_API_KEY env var (recommended) rather than storing keys in config.json; (2) restrict log file permissions (chmod 600) and consider disabling logging of benign events if you need privacy; (3) review and tune the whitelist/blacklist and policy settings so it doesn't block expected traffic; (4) inspect or vet the hs-ti skill if present, because this skill will call into that skill when available (chain-of-trust risk); (5) test in an isolated environment first if you are concerned about inadvertent data capture. If any of these behaviors are unacceptable (automatic interception, logging of URLs/file paths, or contacting the configured threat-intel endpoint), do not install or disable the corresponding monitoring options in config.json.