Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawDoctor

v0.4.11

Self-healing doctor for OpenClaw. Monitors gateway, crons, sessions, auth, and costs. Sends Telegram alerts. Auto-restarts gateway when it goes down. Use whe...

0· 114·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious (View report →)
OpenClaw scanner: Suspicious, medium confidence
Purpose & Capability
The SKILL.md describes monitoring OpenClaw state and taking healing actions (restarting the gateway), which is coherent with the name and description. However, the skill runtime invokes 'openclaw gateway restart' and reads OpenClaw state/log files, yet the registry metadata lists only 'clawdoctor' as a required binary; 'openclaw' is not declared. The SKILL.md also shows examples that accept a Telegram token and chat ID, but no required env vars or primary credential are declared. These omissions are inconsistent with the described capabilities.
Instruction Scope
Instructions are explicit about reading ~/.openclaw state, sessions, and gateway logs (read-only) and executing a healing command ('openclaw gateway restart'). It also documents non-interactive setup, installing a systemd user service, and starting a long-running daemon. These actions are within the stated monitoring/healing scope, but they grant the tool authority to read local OpenClaw data and restart services — and the docs don't explain exact token storage/handling or whether the agent should pass Telegram credentials via env vs CLI flags.
Install Mechanism (flagged)
The install spec is 'npm install -g clawdoctor' (global npm package). A global npm install runs the package's lifecycle scripts (preinstall/install/postinstall) as the installing user and places its declared bins on PATH, so the package can execute arbitrary code on the host before the skill is ever invoked. The SKILL.md lists a homepage (https://clawdoctor.dev), but the registry metadata shows 'Source: unknown' and no authoritative homepage in the registry entry, so the package owner and provenance cannot be verified from the registry alone. This is a moderate-to-high supply-chain risk unless the npm package and its repository are audited.
Credentials
The skill legitimately needs access to OpenClaw's files and the ability to run the 'openclaw' command to heal. It also needs a Telegram bot token/chat ID to send alerts. However, none of these credentials or the 'openclaw' binary are declared in requires.env or requires.bins in the registry metadata. The SKILL.md's examples require a TOKEN and CHATID but the registry doesn't declare or require them — that's a transparency gap.
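The declared-requirements gap described in the Purpose & Capability and Credentials sections can be checked mechanically rather than by eye. The following is an added example, not ClawHub's or ClawDoctor's code: it extracts the executables invoked and the $VARIABLES referenced in a SKILL.md's fenced command blocks and diffs them against the registry's declared requires.bins and requires.env. The SKILL.md excerpt and registry entry below are constructed from what the scan reports (the field names follow the scan text; the 'clawdoctor setup' flags are invented for illustration), so the real files may differ.

```python
"""Cross-check a skill's SKILL.md against the registry's declared requirements.

Added example, not ClawHub's or ClawDoctor's code. SKILL_MD and REGISTRY are
constructed from what the scan reports; the 'clawdoctor setup' flags are
invented and requires.bins / requires.env follow the field names the scan quotes.
"""
import re

# Constructed SKILL.md excerpt (tilde fences so it nests inside this file).
SKILL_MD = """\
## Setup (non-interactive)

~~~sh
clawdoctor setup --token "$TOKEN" --chat "$CHATID"   # hypothetical flags
clawdoctor start --dry-run
~~~

## Healing

Reads ~/.openclaw state, sessions and gateway logs, then runs:

~~~sh
openclaw gateway restart
~~~
"""

# Constructed registry entry: only 'clawdoctor' declared, no env vars (as reported).
REGISTRY = {"requires": {"bins": ["clawdoctor"], "env": []}}

FENCE_RE = re.compile(r"^(```|~~~)[^\n]*\n(.*?)^\1", re.M | re.S)
ENV_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]*)\}?")
SKIP_PREFIX = {"sudo", "env", "exec", "time"}
SHELL_BUILTINS = {"cd", "export", "echo", "set", "source"}


def command_lines(md):
    """Yield non-comment lines from fenced code blocks only; prose is ignored."""
    for _fence, body in FENCE_RE.findall(md):
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()
            if line:
                yield line


def invoked_bins(md):
    """First word of each command, after VAR=value and sudo/env prefixes."""
    bins = set()
    for line in command_lines(md):
        tokens = line.split()
        while tokens and ("=" in tokens[0] or tokens[0] in SKIP_PREFIX):
            tokens.pop(0)
        if tokens and tokens[0] not in SHELL_BUILTINS:
            bins.add(tokens[0])
    return bins


def referenced_env(md):
    """$VAR and ${VAR} references anywhere in the document."""
    return set(ENV_RE.findall(md))


def undeclared_requirements(md, registry):
    """Binaries invoked and env vars referenced that the registry does not declare."""
    req = registry.get("requires", {})
    return {
        "bins": sorted(invoked_bins(md) - set(req.get("bins", []))),
        "env": sorted(referenced_env(md) - set(req.get("env", []))),
    }


if __name__ == "__main__":
    gap = undeclared_requirements(SKILL_MD, REGISTRY)
    print("undeclared bins:", gap["bins"])  # ['openclaw']
    print("undeclared env :", gap["env"])   # ['CHATID', 'TOKEN']
```

Anything the check reports is either a metadata omission the publisher should fix or a capability the skill uses without telling the registry; both are what the scan above is complaining about. Only fenced blocks are scanned because prose lines that happen to start with a lowercase word would otherwise be taken for commands.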
Persistence & Privilege (flagged)
The skill can be installed as a persistent systemd user service and run as a daemon that restarts the OpenClaw gateway — this gives it continuous execution and the ability to perform potentially disruptive actions (restarts). The skill does not request 'always: true', but installing the service effectively grants ongoing privileges. Users should recognize the operational impact and verify the package before granting that persistence.
What to consider before installing
This skill appears to do what it claims (monitor OpenClaw and restart the gateway), but there are red flags to address before installing:
1) Verify the npm package source and repository (review the package code, maintainer, and release history). Do not install a global npm package you cannot audit.
2) Confirm the presence and trustworthiness of the 'openclaw' binary on the host; the registry metadata should have declared it.
3) Run clawdoctor in dry-run mode first (clawdoctor start --dry-run) and review its logs/events before enabling auto-heal.
4) When configuring Telegram, restrict the bot's permissions and avoid placing tokens in world-readable files; prefer per-service tokens and a secrets manager.
5) If possible, run the tool under a limited user account or inside a container to reduce the blast radius of an unaudited npm package.
Additional information that would raise confidence: a visible package repository or homepage with source code, verifiable package maintainers, and explicit declared requirements (the openclaw binary and required env vars) in the registry metadata.
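Steps 1 and 2 above, together with the Install Mechanism finding, come down to inspecting the package before npm runs anything from it. The following added example (not the project's or ClawHub's code) does that offline: it flags the parts of a tarball a global install would act on before the skill is ever invoked: lifecycle scripts, bins that land on PATH, native binaries, and paths outside package/. The tarball it audits is constructed here with illustrative contents so the script runs offline; for the real package you would run `npm pack clawdoctor@0.4.11` (the version pin is an assumption from the listing) and pass the resulting .tgz to audit_npm_tarball.

```python
"""Audit an npm package tarball offline before installing it globally.

Added example, not ClawHub's or ClawDoctor's code. The sample tarball built by
build_sample_tarball is constructed for demonstration and says nothing about
what the real clawdoctor package contains.
"""
import io
import json
import os
import tarfile
import tempfile

# Hooks npm runs at install time, as the installing user.
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")
NATIVE_EXT = (".node", ".so", ".dylib", ".dll")


def _add(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_sample_tarball(directory):
    """Constructed tarball in npm layout (everything under package/)."""
    manifest = {
        "name": "clawdoctor",
        "version": "0.4.11",
        "bin": {"clawdoctor": "bin/clawdoctor.js"},
        "scripts": {"postinstall": "node scripts/setup.js", "test": "node test.js"},
    }
    path = os.path.join(directory, "sample.tgz")
    with tarfile.open(path, "w:gz") as tar:
        _add(tar, "package/package.json", json.dumps(manifest).encode())
        _add(tar, "package/bin/clawdoctor.js", b"#!/usr/bin/env node\n")
        _add(tar, "package/scripts/setup.js", b"console.log('setup')\n")
        _add(tar, "package/build/helper.node", b"\x7fELF")  # constructed native blob
    return path


def audit_npm_tarball(path):
    """Return what a global install would execute, expose, or write."""
    findings = {"lifecycle_scripts": {}, "bins": {}, "native_files": [], "bad_paths": []}
    with tarfile.open(path, "r:gz") as tar:
        for member in tar.getmembers():
            parts = member.name.split("/")
            # npm tarballs keep everything under package/; anything else is abnormal
            if parts[0] != "package" or ".." in parts:
                findings["bad_paths"].append(member.name)
            if member.name.endswith(NATIVE_EXT):
                findings["native_files"].append(member.name)
        manifest = json.load(tar.extractfile("package/package.json"))
    scripts = manifest.get("scripts", {})
    findings["lifecycle_scripts"] = {k: v for k, v in scripts.items() if k in LIFECYCLE}
    bins = manifest.get("bin", {})
    # package.json allows "bin" as a bare string meaning {name: path}
    findings["bins"] = {manifest.get("name", ""): bins} if isinstance(bins, str) else bins
    return findings


def run_sample():
    """Build the constructed tarball in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        return audit_npm_tarball(build_sample_tarball(d))


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(f"{key}: {value}")
```

Read every lifecycle script and every native file the audit lists before installing. If you decide to proceed, `npm install -g --ignore-scripts clawdoctor` skips the hooks entirely (a real npm flag), at the cost of breaking packages that genuinely need them; then continue with steps 3 to 5 above, starting with the dry run.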

Like a lobster shell, security has layers — review code before you run it.

latest · vk97cj4wp4r6tx3tmhprvmw9kgx835gvm


Runtime requirements

Bins: clawdoctor

Install

Install ClawDoctor (npm)
Bins: clawdoctor
npm i -g clawdoctor
