ClawHub
Back to skill
v1.0.0

SystemTemp

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 3:47 PM.

Analysis

The skill appears to be a local system-temperature monitor with no evidence of exfiltration or destructive behavior, though users should notice its local logging, optional scheduling, and install-path quirks.

GuidanceThis looks safe for its stated purpose, but check the install path before running setup, be aware that logs and reports are stored under ~/openclaw_workspace, and only add the cron example if you want the tool to keep running on a schedule.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
setup.sh
chmod +x /home/ckk/.openclaw/workspace/skills/system-temp/temp
chmod +x /home/ckk/.openclaw/workspace/skills/system-temp/temp.js

The setup script uses a hard-coded user-specific path and references a temp executable path. This is not malicious by itself, but it makes the install mechanism brittle and worth verifying.

User impactInstallation may fail or affect an unexpected path if run on a system that does not match the developer's directory layout.
RecommendationVerify the installed package and binary path before running setup, and avoid using elevated privileges unless clearly necessary.
Rogue Agents
SeverityInfoConfidenceHighStatusNote
README.md
# 每小時記錄
0 * * * * /home/ckk/.openclaw/workspace/skills/system-temp/temp >> /tmp/temp.log 2>&1

The README provides a user-directed cron example for recurring hourly execution. It is disclosed and aligned with monitoring, but it would create persistent scheduled activity if the user installs it.

User impactIf the cron entry is added, the command will run periodically and keep writing temperature output until the schedule is removed.
RecommendationOnly add the cron entry if continuous monitoring is desired, and remove it from the crontab when no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityInfoConfidenceHighStatusNote
SKILL.md
歷史記錄:`~/openclaw_workspace/data/systemTemp.log`
告警設定:`~/openclaw_workspace/config/tempAlerts.json`
報表:`~/openclaw_workspace/data/reports/`

The skill discloses that it stores temperature history, alert configuration, and reports locally. This persistence is expected for a monitoring tool, but users should know where retained data lives.

User impactLocal temperature history and report files may accumulate in the OpenClaw workspace over time.
RecommendationReview or delete the workspace log/report files if you do not want historical device telemetry retained.