Agent Metrics
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: agent-metrics-osiris Version: 1.0.5 The OpenClaw skill bundle 'agent-metrics-osiris' is a benign utility designed for tracking AI agent metrics and resource usage. The `SKILL.md` provides clear, non-malicious instructions and does not contain any prompt injection attempts. The `metrics.py` script uses standard Python libraries and `psutil` to record metrics to a local JSON file and display system resource information. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, or other malicious behaviors. All actions align with the stated purpose of observability and monitoring.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any secrets or private information placed in metric labels or error details could remain on disk and later be shown or exported.
The tool persists metric labels, error details, and possible stack-trace text in a local JSON file, which is expected for observability but may retain sensitive operational information if users record it.
METRICS_FILE = "agent_metrics.json" ... "details": details or "No details", "stack_trace": stack_trace[:2000] if stack_trace else ""
Avoid recording API keys, tokens, private prompts, customer data, or other secrets in labels/details; delete or reset the metrics file when no longer needed.
If invoked with the wrong output path, the tool could replace an existing writable file with exported metrics.
The export command writes to a caller-specified path. This is purpose-aligned, but an unintended path could overwrite a writable file.
exp_parser.add_argument("--output", default="metrics.json", help="Output file") ... with open(output, "w") as f:Use explicit safe output filenames or directories for exports and review paths before running export commands.
Users may be confused about setup or may look for a missing wrapper outside the reviewed artifacts.
SKILL.md declares Python/psutil requirements and references a PowerShell wrapper, while the registry metadata says there is no install spec/requirements and the provided manifest does not include the wrapper. This is a documentation/package consistency issue.
version: 1.0.3 ... "requires": {"bins": ["python"], "pip": ["psutil"]} ... `agent-metrics.ps1` - PowerShell wrapperInstall only the disclosed psutil dependency from a trusted package source and use the provided metrics.py unless a reviewed wrapper is supplied.