v1.0.1

Analyst Watchdog

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 6:16 AM.

Analysis

The skill mostly matches its monitoring purpose, but users should review it because it is designed for autonomous scheduled operation and file-based agent/Telegram alert handoffs despite claiming data stays local.

Guidance: Review this skill before installing or scheduling it. It appears intended for local monitoring, but you should confirm whether any orchestrator watches OUTBOX.md or ALERT_TELEGRAM.md, whether Telegram forwarding is enabled, what data those files may contain, and how to disable the scheduled watchdog.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
"No data leaves the user's machine" ... `ALERT_TELEGRAM.md` | High | Sent immediately, then deleted

The security note tells users data stays local, while the same artifact describes a Telegram alert file that is sent immediately. Even if this script only writes a local file, the stated workflow can cause downstream external sharing.

User impact: A user may install it believing outputs remain strictly local, while alert contents may be forwarded through a Telegram workflow.
Recommendation: Clarify whether Telegram forwarding is part of the expected deployment, require explicit opt-in for external alerts, and remove or qualify the 'No data leaves' claim.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
Runs on a schedule (LaunchAgent or cron) without human intervention.

Autonomous scheduled operation is openly disclosed and aligned with the watchdog purpose, but it means the skill can keep producing state, findings, outbox, and alert files until the schedule is disabled.

User impact: If scheduled, it may continue running in the background and generating downstream triggers after the initial setup.
Recommendation: Install any cron or LaunchAgent schedule only deliberately, document how to disable it, and monitor the output files it creates.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
scripts/analyst_agent.py
"Write alert file for main agent to pick up and send." ... with open(ALERT_PATH, "w") as f:

The script creates a file-based handoff for another agent to send an alert, but the artifacts do not define the receiving agent's identity, permissions, review behavior, or external delivery boundary.

User impact: Another local agent or orchestrator could treat the alert file as authorization to send information onward without a separate user confirmation.
Recommendation: Document the downstream consumer, require a clear approval or opt-in policy for sends, and use a structured queue format that treats alert text as data rather than instructions.

Memory and Context Poisoning
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
`FINDINGS.md` | Low | Background knowledge | ... `OUTBOX.md` | Medium | Orchestrator on next heartbeat

The skill intentionally turns API-derived observations into persistent markdown read by later agents. The included script writes API-derived model, task, and promotion fields into these files, so poisoned or malformed API content could become trusted agent context.

User impact: A compromised or unexpected local API response could plant misleading text in files that later agents read and act on.
Recommendation: Validate API schemas, quote or escape external text, label generated content as untrusted data, and instruct downstream agents not to follow instructions contained in findings or outbox files.