ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Monitor

v0.1.3

Use the `clawmonitor` CLI/TUI to inspect OpenClaw sessions, model health, token usage, and gateway service health.

0· 205·2 current·2 all-time
bybread time@openclawq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the required binary and the commands in SKILL.md. Requiring the clawmonitor executable and read access to ~/.openclaw/ is appropriate for an on-host monitor.
Instruction Scope
The instructions only run clawmonitor commands and reference OpenClaw state and the clawmonitor config path (~/.config/clawmonitor/config.toml). They do not ask the agent to read unrelated system files, network endpoints, or other services.
Install Mechanism
This is an instruction-only skill (no install spec), but SKILL.md recommends installing clawmonitor via pip/pipx/venv from PyPI. That is a typical install route for Python CLIs but carries the usual caution: pip installs arbitrary code from package indexes. The skill itself does not embed or fetch arbitrary URLs or packages.
Credentials
No environment variables or unrelated credentials are requested. The implicit requirement is read access to local OpenClaw state (~/.openclaw/) and the ability to run the local clawmonitor binary, which is proportional for a monitor.
Persistence & Privilege
always:false and no install-time changes are declared. The only persistent change the tool may perform is writing its own config under ~/.config/clawmonitor/, which the SKILL.md documents and marks safe to re-run.
Assessment
This skill is coherent with its stated purpose, but before installing or letting an agent run it automatically: 1) confirm clawmonitor comes from a trusted source (check the GitHub homepage and PyPI package authors); 2) prefer installing in a venv or with pipx (as suggested) rather than system-wide; 3) be aware the tool reads local OpenClaw state (~/.openclaw/) which may contain session data you consider sensitive; and 4) avoid allowing an autonomous agent to perform package installs without explicit user approval.

Like a lobster shell, security has layers — review code before you run it.

latestvk97byt344gn9xdy7hy5zd4cp2583bakv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
Binsclawmonitor

Comments