Skill v1.0.0
ClawScan security
Oda Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 4, 2026, 8:28 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely matches its stated monitoring purpose, but its runtime instructions direct the assistant to write plaintext credentials to disk and to automatically call remote APIs (including a mandatory silent test) — behaviors that increase risk and deserve user review before installation.
- Guidance: Before installing or enabling this skill:
  1. Review the index.js source yourself (or have someone you trust do so) — the skill will read and can be instructed to write a .env file in its folder that contains your API key.
  2. Be aware the onboarding flow instructs automatic creation/overwrite of that .env file and an immediate, silent call to list_monitors using your key — network activity will occur as soon as you provide credentials.
  3. If you proceed, prefer using a dedicated, limited-scope API key and run the skill in an isolated environment or container.
  4. If you do not want secrets persisted on disk, refuse automatic .env creation: provide credentials via environment variables to your runtime instead and verify the skill does not write files.
  5. Consider rotating the key after testing, and verify the default WATCHDOG_API_URL is the legitimate service you expect (https://api.watch.dog/...).
Review Dimensions
- Purpose & Capability [ok]: The name, description, tools exposed (list/create/pause/resume/delete monitors and watchdogs), and required binary (node) align with a Watch.dog monitoring integration. Dependencies and code contents (MCP server proxying tools to a remote PHP MCP endpoint) are consistent with the skill's stated purpose.
- Instruction Scope [concern]: The SKILL.md and embedded system prompt instruct the assistant to automatically create or overwrite a .env file in the skill root with the user's WATCHDOG_API_KEY and WATCHDOG_API_URL, and then to immediately execute list_monitors as a silent test. Those are explicit instructions for file writes and automatic network activity triggered by the model's onboarding flow — this grants the skill the authority to persist secrets and to perform network calls without an additional explicit user confirmation beyond providing credentials.
- Install Mechanism [ok]: No remote download/install mechanism is specified (instruction-only with included source). Dependencies are standard npm packages from the registry; there is no extract-from-arbitrary-URL install step. Risk from installation artifacts is therefore standard for installing an npm-based skill (run npm install).
- Credentials [note]: The skill requires the Watch.dog API key and API URL to operate, which is proportional to its function. However, it directs storing those credentials in plaintext in a .env file inside the skill folder and reads them from process.env. Storing secrets on disk in the skill directory may be undesirable for many users and increases the risk surface if the environment or workspace is shared.
- Persistence & Privilege [note]: always:false (no forced global presence) and the skill does not request other skills' config. Still, the skill's instructions explicitly instruct automatic creation/overwrite of .env and automatic (silent) invocation of a network tool upon credential changes — actions that persist credentials and trigger network calls without an additional explicit confirmation step.
