Back to skill
Skillv1.0.1
ClawScan security
Disk Usage Watcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 26, 2026, 10:53 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are coherent with a disk‑usage monitoring tool; nothing majorly out of scope or requesting unrelated credentials is present.
- Guidance
- This skill appears to be what it claims: a small instruction-only disk/inode monitor that uses the platform's exec and notify helpers. Before installing, confirm how notifications are delivered (openclaw/notify) so alerts don't go to unintended channels. Also note the SKILL.md mentions automatic cron runs but there is no install step to create a cron job — if you want periodic checks you must configure scheduling yourself or verify your agent platform will schedule it. Finally, because the skill invokes df-style commands, it will observe the host's mount and usage state (normal for monitoring), so only install on agents where you are comfortable letting the agent inspect disk state.
Review Dimensions
- Purpose & Capability
- okName/description (monitor disk space/inodes) align with the instructions and declared dependencies (openclaw/exec to run df-like checks and openclaw/notify to send alerts). No unrelated binaries or credentials are requested.
- Instruction Scope
- noteSKILL.md stays focused on checking disk/inode usage and alerting. It references running df-style commands via openclaw/exec and sending notifications via openclaw/notify. Minor note: it states 'runs automatically via cron every 15 minutes' but provides no install steps to create a cron job — scheduling is implied but not implemented by the instruction-only package.
- Install Mechanism
- okInstruction-only (no install spec, no downloads, no code files). This has a low install risk surface because nothing is written to disk by the skill itself.
- Credentials
- okNo environment variables, credentials, or config paths are required. The absence of secrets is appropriate for a local disk monitoring task that uses the platform exec/notify primitives.
- Persistence & Privilege
- notealways:false and no requested persistent config make this non-invasive. However, the doc's claim of automatic cron execution implies persistent scheduling that is not implemented here — install/scheduling would need to be configured elsewhere.