Nex Skillmon
v1.0.0
Health monitoring and cost optimization tool for OpenClaw skill ecosystems and power users managing multiple skills. Track all installed skills with real-tim...
by Nex AI (@nexaiguy)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description (health monitoring, cost tracking, security checks) match the files and behavior: scanner reads SKILL.md files under a skills directory, computes hashes, calls a ClawHub API for updates/flags, and stores local telemetry in ~/.nex-skillmon. Required binaries (python3) and the declared env vars (CLAWHUB_API_URL, SKILLS_BASE_DIR) are appropriate for the stated functionality.
Instruction Scope
Runtime instructions and CLI commands are focused on discovery, health checks, security scans, and cost reporting. The scanner will read all files under SKILLS_BASE_DIR and compute SHA256 hashes; it also makes outbound HTTP requests to CLAWHUB_API_URL for update/flag checks. These behaviors are expected for a monitoring tool, but users should be aware the skill will read the full contents of skill directories (file hashing) and send skill names to the configured ClawHub endpoint.
Install Mechanism
No external downloads or package installs are performed. setup.sh initializes a local SQLite DB, creates a ~/.nex-skillmon data directory and logs, and creates a symlink/wrapper in ~/.local/bin (or a Windows batch wrapper). The installer is local and idempotent; no network fetches or archives are pulled during setup.
Credentials
Only CLAWHUB_API_URL and SKILLS_BASE_DIR are declared as required env vars; these are proportionate to checking a remote skill index and scanning a local skills directory. The skill does read other optional env vars (CURRENCY, LOG_LEVEL) but these are non-sensitive configuration values. The package does not request secret tokens, cloud keys, or unrelated credentials.
Persistence & Privilege
The skill stores persistent state under the user's home (~/.nex-skillmon) and creates a user-level symlink/wrapper in ~/.local/bin. always is false. This level of persistence is typical for a CLI monitoring tool; it does not modify other skills or system-wide settings beyond adding a user bin entry.
Assessment
This package appears to do what it says: it scans a local skills directory, records metadata and usage in ~/.nex-skillmon, computes SHA256 hashes of skill files, and calls the configured ClawHub API to check for flags/updates. Before installing: (1) verify SKILLS_BASE_DIR points only to the directory you intend scanned (avoid pointing it to sensitive system paths), (2) review the ClawHub endpoint you configure (CLAWHUB_API_URL) if you don't want skill names sent externally — you can disable remote checks by setting CLAWHUB_API_URL to empty as documented, (3) note the installer will create ~/.nex-skillmon and add a user-level executable link (~/.local/bin), and (4) review the provided source if you want to audit what is hashed/posted. If you want to limit exposure, run the tool in a contained environment (VM/container) or review/modify scanner.check_for_updates and check_security_flags to point to a trusted endpoint or disable them.
Like a lobster shell, security has layers — review code before you run it.
latest vk97fsn6t5bezx9qxnbbdwk6q85849460
Runtime requirements
🔍 Clawdis
Bins: python3
Env: CLAWHUB_API_URL, SKILLS_BASE_DIR
