Windows Health Monitor

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This health-monitor plugin mostly matches its stated purpose, but it needs review because it runs on startup, handles gateway tokens, and can send operational alerts to WhatsApp/Telegram with limited privacy disclosure.

Install only if you want continuous background monitoring of your OpenClaw gateway. Set alertChannel to 'none' unless you intentionally want health alerts sent through WhatsApp or Telegram, avoid using the dashboard on shared browsers because it stores the gateway token, review diagnostic bundles before sharing them, and do not run the documented all-node force-kill command unless you accept that it can stop unrelated Node.js apps.

SkillSpector (11)

By NVIDIA

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
The file presents itself as only a background health monitor, but it also performs outbound notification delivery via WhatsApp and Telegram. This hidden capability increases the risk of undisclosed data egress and misleading operator expectations, especially because health status and alert text are automatically transmitted off-host.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README promotes WhatsApp/Telegram alerting and asks users to configure a phone number or user ID, but it does not clearly disclose that health alerts and possibly diagnostic details may be sent to third-party messaging platforms. In a health-monitoring skill, alerts can contain operational metadata, log-derived details, or other sensitive environment information, so missing disclosure and consent guidance creates a real privacy and data-exposure risk.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The README states that automatic diagnostics are enabled by default and elsewhere describes diagnostic bundle export and log tail extraction, but it does not warn that critical alerts may automatically trigger collection or export of potentially sensitive logs and system details. Because this skill operates in a monitoring/diagnostics context, auto-diagnosis materially increases the chance of collecting and transmitting sensitive operational data without informed user consent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill instructs users to generate and share a diagnostic bundle but does not clearly warn that even a sanitized archive may still contain sensitive system metadata, logs, configuration structure, or environment details. In a troubleshooting skill, users are especially likely to follow export-and-share guidance verbatim, which increases the chance of inadvertent data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The playbook includes a forceful termination of all node processes followed by an immediate restart, but it does not warn that this can kill unrelated Node.js applications, interrupt active work, and risk data loss or corruption. Because the command appears in a standard fix sequence for an unresponsive gateway, users may execute it quickly without understanding its destructive scope.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The dashboard stores the OpenClaw gateway bearer token in browser localStorage, which is readable by any script executing in the page origin and persists across sessions. If the page or same-origin context is ever exposed to XSS, browser compromise, shared workstation access, or local file inspection, the token can be recovered and reused to access the local gateway API.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The documentation explicitly configures WhatsApp alerting with a real-looking destination number but does not warn that operational health data may be transmitted to an external messaging channel. Even if the payload is only diagnostics, alerts can expose system state, availability issues, host behavior, or other sensitive metadata to unintended recipients if misconfigured or used in regulated environments.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The background hook retrieves a user-scoped OPENCLAW_GATEWAY_TOKEN and uses it in an Authorization header for a local health probe without any visible disclosure or consent mechanism. Even though the request targets localhost, silently accessing credentials from a background task expands the trust boundary and creates unnecessary secret handling risk if logs, child processes, or future code changes expose that token.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
When degradation is detected, the hook automatically sends alert content to external messaging channels based on configuration, without any in-code user warning or confirmation at send time. This creates clear exfiltration risk because operational health details, task state, and inferred environment information may be pushed to third-party services from a background process.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The manifest explicitly advertises alerts via WhatsApp or Telegram but provides no user-facing disclosure about what health data may be transmitted, when transmission occurs, or what privacy implications follow. Because the plugin is described as background health monitoring, alerts could send operational or potentially sensitive diagnostic metadata off-host without informed user consent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill activates on startup and is enabled by default, which means continuous background monitoring begins immediately without an explicit warning or consent gate. In combination with external alerting and diagnostics, this creates a stealthy-by-default behavior that can surprise users and lead to unintended monitoring or data transmission.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

59/59 vendors flagged this plugin as clean.