ClawHub
Back to skill
v1.0.0

Multi Site Health Monitor

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:18 AM.

Analysis

This monitoring skill is useful for uptime checks, but it can automate production-impacting restarts, rollbacks, cloud actions, SSH commands, and external alerts without clearly bounded approval controls.

GuidanceInstall only if you are comfortable giving the agent monitoring and alerting authority. Before using auto-remediation, restrict credentials, whitelist endpoints and commands, require approval for production-impacting actions, and define clear stop conditions for any continuous monitoring.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
SKILL.md
**Webhook Triggers**: POST to custom endpoints (restart services, scale infrastructure) ... **Service Restart**: Execute shell commands on remote servers via SSH ... **Rollback Triggers**: Revert deployments if health checks fail

The skill exposes mutating production operations as automated monitoring responses, including webhook-triggered restarts, infrastructure scaling, remote shell commands, and deployment rollbacks.

User impactA bad health check, false positive, or misconfigured endpoint could cause the agent to restart services, run remote commands, or roll back deployments.
RecommendationRequire explicit user approval for each mutating action, whitelist allowed endpoints and commands, add dry-run mode, and keep audit logs for all remediation steps.
Cascading Failures
SeverityHighConfidenceHighStatusConcern
SKILL.md
If it fails 3 times in a row: 1. POST to https://restart-api.example.com/restart-payment-service 2. Alert PagerDuty ... 4. Log to Google Sheets with timestamp, error details, restart status

The example chains a health-check failure into restart automation, incident escalation, notification, and external logging.

User impactOne incorrect failure signal could trigger service changes, paging, and external records across multiple systems.
RecommendationAdd circuit breakers, confirmation gates for production actions, rate limits, deduplication limits, and a safe manual override before automated remediation.
Rogue Agents
SeverityMediumConfidenceHighStatusConcern
SKILL.md
automates continuous monitoring of 10-100+ websites ... Monitor https://payment-service.example.com/health every 2 minutes

The skill is intended to run recurring monitoring and automated escalation, but the provided instructions do not clearly specify duration, stop conditions, or lifecycle ownership.

User impactThe agent may keep making repeated network checks and taking alert/remediation actions after the user expected the task to stop.
RecommendationDefine explicit run windows, stop conditions, maximum retries, escalation ownership, and a simple way to disable all scheduled or recurring activity.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityHighConfidenceMediumStatusConcern
SKILL.md
requires":{"env":["SLACK_WEBHOOK_URL","PAGERDUTY_API_KEY","DATADOG_API_KEY"]} ... **AWS/Azure**: Auto-restart EC2 instances, trigger Lambda functions, scale infrastructure

The skill declares alerting credentials and also describes privileged cloud and infrastructure actions, but the provided artifacts do not clearly define least-privilege scopes or how higher-impact credentials should be constrained.

User impactIf broad credentials are provided, the agent could affect alerting systems or production infrastructure beyond a single monitoring task.
RecommendationUse dedicated least-privilege API keys and webhooks, avoid broad cloud or SSH credentials, and document exactly which accounts, resources, and actions the skill may use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
Route critical issues to PagerDuty, warnings to Slack, metrics to Datadog ... Log to Google Sheets with timestamp, error details, restart status

The skill intentionally sends monitoring data, alerts, metrics, and error details to third-party services, which is purpose-aligned but may expose internal URLs or operational details.

User impactOperational information such as endpoint names, failure details, and incident status may be shared with external providers.
RecommendationAvoid sending secrets or sensitive response bodies in alerts, use dedicated channels and webhooks, and review provider retention and access controls.