Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawdoctor

v0.4.13

Self-healing monitor for OpenClaw gateways, crons, and agent sessions. Use when you need to watch if OpenClaw is running, get Telegram alerts on failures, au...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the code and runtime behavior: watchers look at ~/.openclaw, session/cron files, systemd/journalctl, and healers call `openclaw` or `systemctl` to restart/kill. The package installs a CLI 'clawdoctor' via npm as declared. Minor mismatch: marketing mentions Slack/Discord alerts but the code only implements Telegram; retention and tier enforcement are not fully automatic (factsheet notes user must configure retentionDays).
Instruction Scope
SKILL.md and TASK.md instruct the agent to install the npm CLI and run local monitoring commands. The runtime instructions and code access only local OpenClaw-related files (~/.openclaw) and local state (~/.clawdoctor), and make outbound HTTPS calls only to the license server (clawdoctor.dev) and Telegram API as expected for alerts and license validation. Healers perform system/process actions (systemctl/openclaw) which are consistent with the stated auto-fix purpose.
Install Mechanism
Install uses the npm package 'clawdoctor' (package.json/package-lock.json present). No arbitrary binary downloads or URL-extract installs were found. The package depends on native module better-sqlite3 (normal for local SQLite use) which has an install script; this is standard for native Node packages but will compile/install native bindings during npm install.
Credentials
The skill does not request unrelated external credentials in registry metadata. It uses local config (~/.clawdoctor/config.json) to store Telegram bot token and chat id and optionally reads CLAWDOCTOR_KEY from the environment for license activation — all expected. The daemon interacts with systemctl/journalctl and may require appropriate user permissions to restart services; users should confirm service restart semantics (user vs system units) on their host. No excessive or unrelated env vars are required by the package itself.
Persistence & Privilege
The package writes and maintains local files under ~/.clawdoctor (config, events.db, audit.jsonl, snapshots) which is consistent with a long-running monitor. always:false and normal autonomous invocation are set. It does not request permanent system-wide privilege beyond installing a user systemd unit if the user opts to do so.
Scan Findings in Context
[factsheet:stripe_webhook_idempotency_issue] unexpected: Factsheet notes the server-side Stripe webhook may generate a new license key on retries (no idempotency check). This is a server-side bug in the project's payment backend — it doesn't change the client's declared behavior but is worth knowing before using the service/entering a license.
[factsheet:license_validate_query_injection] unexpected: Factsheet documents that the /api/license/validate endpoint interpolates user-supplied key into a Stripe search query without strict validation; again, a server-side issue (input validation) rather than client-side code, but it affects how the project's license service behaves and could lead to unexpected server-side errors.
Assessment
What to consider before installing:
- Function: this is a local OpenClaw monitor/healer that reads ~/.openclaw files, writes data under ~/.clawdoctor, sends Telegram alerts, and can restart OpenClaw via systemctl or the openclaw CLI. That behavior matches the README and SKILL.md.
- Permissions: healing actions (systemctl restart or killing sessions) may require appropriate user permissions; prefer running with the least privilege needed and test in dry-run mode first (clawdoctor start --dry-run).
- Telegram: you must provide a bot token and chat id in config to receive alerts. If you enable inline-approval buttons, a dedicated callback bot token may be required; otherwise inline buttons fall back to suggested CLI commands.
- Licenses: paid-plan activation uses a remote validation call to clawdoctor.dev; the factsheet shows server-side bugs in their license endpoints (idempotency and query handling). Treat any license keys or payment flows with the usual caution and prefer using environment-based caching or local license files rather than exposing other secrets.
- Advertising mismatches: Slack/Discord alerting is advertised but not implemented; Telegram is the only alerter in the code. RetentionDays and monitor limits are configurable but not strictly enforced automatically by the client.
- Review before auto-fix: enable dry-run and review the audit/snapshot files (~/.clawdoctor/audit.jsonl and snapshots/) before allowing auto-heal in production. Consider running the CLI manually for initial testing and confirm behavior for your systemd setup.
- Source trust: code is included in the skill bundle. If you plan to install globally (npm -g), inspect the package and prefer installing from the official npm name and repository (links are provided) and verify the package integrity.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- `src/daemon.ts:312`: shell command execution detected (child_process).
- `src/snapshots.ts:92`: shell command execution detected (child_process).
- `src/utils.ts:18`: shell command execution detected (child_process).
- `src/watchers/auth.ts:145`: shell command execution detected (child_process).




Runtime requirements

Bins: clawdoctor

Install

Install ClawDoctor (npm):
npm i -g clawdoctor
