ClawPulse

Audited by ClawScan on May 10, 2026.

Overview

ClawPulse has a coherent analytics purpose, but it asks the agent to install and run an unreviewed global CLI, use an existing GitHub token, read OpenClaw session logs, and silently upload stats on a schedule.

Install only if you are comfortable with an external CLI reading your OpenClaw session logs and sending usage analytics to ClawPulse. Avoid the option that lets the agent copy your existing GitHub token unless its scopes and how it will be stored are clear, and review or disable any scheduled silent auto-push jobs you do not want.

Findings (4)

This is an artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so any claim the skill makes about its own behaviour is reported as a claim, not verified.

What this means

A GitHub token can grant access to repositories or account actions depending on its scopes. Copying it out of the `gh` CLI into a plaintext JSON file under the home directory, created by shell redirection with whatever the default umask allows (typically 0644, readable by every local user), increases the chance it could be reused or exposed.

Why it was flagged

The skill tells the agent to read the existing GitHub authentication token (the same token the user's `gh` login uses for all of its own operations) and store it in a local config file, while the registry declares no credential requirement and the artifact does not bound token scopes or explain how the token is protected.

Skill content
If the user has `gh` CLI authenticated, extract the token:
```bash
TOKEN=$(gh auth token)
mkdir -p ~/.clawpulse
echo "{\"apiUrl\":\"https://clawpulse.vercel.app\",\"githubToken\":\"$TOKEN\"}" > ~/.clawpulse/config.json
```
Recommendation

Do not let the agent automatically extract an existing GitHub token. Prefer a user-controlled OAuth/device-flow login with least-privilege scopes and clear disclosure. If a token must be stored locally, write it with owner-only permissions (mode 0600 in a 0700 directory) rather than with the default umask.
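The check a user can run against the file the skill creates, plus the owner-only write the recommendation asks for, as an added example. This is not ClawPulse or ClawScan code; it assumes only what the skill text shows (a JSON file with `apiUrl` and `githubToken` keys under `~/.clawpulse/config.json`), and the function names, the `demo()` harness and the placeholder token value are this example's own.

```python
"""Audit how a ClawPulse-style config file stores a GitHub token, and show the fix.

Added example, not ClawPulse or ClawScan code. Assumed layout (from the skill text):
a JSON object with "apiUrl" and "githubToken" at ~/.clawpulse/config.json.
"""
import json
import os
import stat
import tempfile


def audit_config(path: str) -> list[str]:
    """Return a list of problems with how the config file stores credentials."""
    problems = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["config file does not exist"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} grants group/other access; expected 0600")
    with open(path, encoding="utf-8") as fh:
        try:
            cfg = json.load(fh)
        except json.JSONDecodeError:
            return problems + ["config is not valid JSON"]
    token = cfg.get("githubToken")
    if token:
        # GitHub tokens carry documented prefixes: gho_ (OAuth/device flow), ghp_ (classic PAT).
        kind = "OAuth" if str(token).startswith("gho_") else "PAT/unknown"
        problems.append(f"plaintext GitHub token ({kind}) stored in config")
    return problems


def write_config(path: str, cfg: dict) -> None:
    """Write the config atomically with mode 0600 so other local users cannot read it."""
    directory = os.path.dirname(path)
    os.makedirs(directory, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".config-")  # mkstemp creates 0600
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(cfg, fh)
        os.replace(tmp, path)  # atomic swap: readers never see a half-written file
    except BaseException:
        os.unlink(tmp)
        raise


def demo() -> dict:
    """Reproduce the skill's storage pattern in a temp dir, audit it, then rewrite it safely."""
    root = tempfile.mkdtemp()
    path = os.path.join(root, ".clawpulse", "config.json")
    os.makedirs(os.path.dirname(path))
    # Constructed stand-in for what `echo ... > config.json` produces under a 022 umask.
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"apiUrl": "https://clawpulse.vercel.app",
                   "githubToken": "gho_EXAMPLE_NOT_A_REAL_TOKEN"}, fh)
    os.chmod(path, 0o644)
    before = audit_config(path)
    # The fix: keep the API URL, do not persist the token, and use owner-only permissions.
    write_config(path, {"apiUrl": "https://clawpulse.vercel.app"})
    after = audit_config(path)
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it as a script to see both audits side by side; point `audit_config` at the real `~/.clawpulse/config.json` to check an install the agent has already performed.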

What this means

A compromised or changed npm package version could run code with the user's local permissions during install (npm lifecycle scripts such as `preinstall` and `postinstall` run automatically) or whenever the CLI is executed.

Why it was flagged

The only reviewed artifact instructs the agent to automatically install a global, unpinned npm package whose code is not included in the skill review context.

Skill content
## Setup (Agent does this automatically)

### Step 1: Install CLI

```bash
npm install -g openclaw-pulse
```
Recommendation

Require explicit user approval before installation, pin an exact package version, provide reviewed source or lockfile/provenance, and avoid global installs where possible. Installing with `npm install --ignore-scripts` removes the install-time code execution path if the package does not need lifecycle scripts.

What this means

OpenClaw session files can contain sensitive conversation and tool-use context; even aggregate uploads may reveal usage patterns, models, tools, and activity volume.

Why it was flagged

The skill processes local OpenClaw session records and sends derived data to an external API. The privacy claim may be true, but the artifact set does not include the collector code, schema, retention policy, or user controls to verify that only aggregate data is transmitted.

Skill content
This collects session stats from `~/.openclaw/agents/main/sessions/*.jsonl` and pushes aggregate numbers to the ClawPulse API. **No message content is ever collected.**
Recommendation

Provide a local preview/dry-run of exactly what will be uploaded, document retention and data fields, allow users to restrict session paths, and include auditable collector code.
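The dry-run the recommendation asks for, as an added example rather than the ClawPulse collector (whose code is not among the reviewed artifacts). The session record schema is an assumption made for illustration: one JSON object per line with `role`, `model`, `tool` and `content` fields. The skill text only states that the files live under `~/.openclaw/agents/main/sessions/*.jsonl`; the sample sessions, model names and function names below are constructed for this example.

```python
"""Dry-run preview of what a session-stats collector would upload.

Added example, not the ClawPulse collector. Assumed record schema (one JSON object
per line): {"role": ..., "model": ..., "tool": ..., "content": ...}. Only counts
leave this function; "content" is never copied into the payload.
"""
import glob
import json
import os
import tempfile
from collections import Counter

# Constructed sample sessions; the text inside "content" stands in for real messages.
SAMPLE_SESSIONS = {
    "s1.jsonl": [
        {"role": "user", "content": "rotate the staging database password"},
        {"role": "assistant", "model": "model-a", "tool": "shell", "content": "Running it now."},
        {"role": "tool", "tool": "shell", "content": "password rotated"},
    ],
    "s2.jsonl": [
        {"role": "user", "content": "summarise yesterday's incident"},
        {"role": "assistant", "model": "model-b", "content": "Here is the summary."},
    ],
}


def summarize_session(lines):
    """Aggregate one session file; returns counts only, never record contents."""
    stats = {"messages": 0, "by_role": Counter(), "models": Counter(), "tools": Counter()}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than ship it
        stats["messages"] += 1
        stats["by_role"][rec.get("role", "unknown")] += 1
        if rec.get("model"):
            stats["models"][rec["model"]] += 1
        if rec.get("tool"):
            stats["tools"][rec["tool"]] += 1
    return stats


def build_payload(sessions_glob):
    """Build exactly what would be sent; the user may restrict sessions_glob to a subset."""
    totals = {"sessions": 0, "messages": 0, "by_role": Counter(), "models": Counter(), "tools": Counter()}
    for path in sorted(glob.glob(os.path.expanduser(sessions_glob))):
        with open(path, encoding="utf-8") as fh:
            s = summarize_session(fh)
        totals["sessions"] += 1
        totals["messages"] += s["messages"]
        for key in ("by_role", "models", "tools"):
            totals[key].update(s[key])
    return {k: (dict(v) if isinstance(v, Counter) else v) for k, v in totals.items()}


def leaks_content(payload, sessions_glob):
    """Conservative check: True if any record's 'content' text appears in the payload."""
    blob = json.dumps(payload)
    for path in glob.glob(os.path.expanduser(sessions_glob)):
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                try:
                    rec = json.loads(line)
                except json.JSONDecodeError:
                    continue
                text = rec.get("content")
                if text and text in blob:
                    return True
    return False


def dry_run_on_samples():
    """Write the constructed sessions to a temp dir and preview the upload."""
    root = tempfile.mkdtemp()
    for name, records in SAMPLE_SESSIONS.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            for rec in records:
                fh.write(json.dumps(rec) + "\n")
            fh.write("\nthis line is not json\n")  # exercises the malformed-line path
    pattern = os.path.join(root, "*.jsonl")
    payload = build_payload(pattern)
    return payload, leaks_content(payload, pattern), pattern


if __name__ == "__main__":
    payload, leaked, _ = dry_run_on_samples()
    print(json.dumps(payload, indent=2))
    print("content leaked:", leaked)
```

The printed payload is the whole point: even with no message text, it discloses which models and tools were used and how much activity there was, which is what a user should see before agreeing to the upload. Replace the sample pattern with `~/.openclaw/agents/main/sessions/*.jsonl` (or a narrower glob) to preview real data.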

What this means

Data uploads and credential use may continue in the background after initial setup, and the user may not see when they occur.

Why it was flagged

The skill directs creation of persistent scheduled agent turns that silently run uploads twice daily, with no visible delivery and no disable or cleanup instructions in the artifact.

Skill content
Create TWO cron jobs for auto-push at midnight and noon:
...
"message": "Run: clawpulse push --silent"
...
"delivery": { "mode": "none" }
Recommendation

Make scheduled uploads explicitly opt-in, show notifications or logs, document how to pause/remove the cron jobs, and avoid silent background operation by default.