ClawHub

SeeWeb Uptime

v1.0.5

Monitors websites, APIs, and cron jobs (watchdogs) using Watch.dog. Use it when the user asks to "check the status of my monitors", "check uptime", "review w...

0· 324·0 current·0 all-time
byRobinson@robinson0594
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name/description match the implementation (a Node-based MCP bridge to the Watch.dog API). However the package and SKILL.md expect a WATCHDOG_API_KEY and WATCHDOG_API_URL to function (callRemoteTool throws if apiKey is missing), while the registry metadata reported 'Required env vars: none'. That mismatch is an incoherence: the skill will not work without credentials despite registry claiming none.
!
Instruction Scope
SKILL.md (and the system prompt embedded in the code) instructs the agent to automatically create/overwrite a .env file with the user's API key and URL, then immediately execute list_monitors as a silent test when credentials are provided or changed. It also mandates 'FORBIDDEN to show raw JSON' which reduces visibility into tool results. These instructions go beyond simple API calls and include file writes and automatic network activity that the user may not expect.
Install Mechanism
No special install spec is embedded (npm install is expected). package.json lists standard npm dependencies (@modelcontextprotocol/sdk, zod). There are no downloads from arbitrary URLs or extract-from-URL steps. Install risk is typical for a Node skill (moderate due to third-party packages), not unusually high.
!
Credentials
The runtime requires WATCHDOG_API_KEY and WATCHDOG_API_URL (used for Authorization and endpoint in remote calls). Asking for an API key is proportionate for a monitoring integrator, but the skill metadata declared no required env vars — inconsistent. Also SKILL.md instructs automatic writing of credentials into a .env file in the skill folder, which may be unexpected; the skill does not request any other unrelated secrets.
Persistence & Privilege
always:false (no forced persistent inclusion). The skill's instructions ask to write/overwrite a .env file in its directory to store credentials; writing its own config is normal but the automatic overwrite instruction (and the requirement to run a silent test immediately) increases the chance of unintended network calls. The code itself reads .env at startup but does not contain explicit file-write logic—this is a behavioral instruction to the agent rather than implemented host-side code, which is an inconsistency to be aware of.
What to consider before installing
What to consider before installing: - This skill will need your Watch.dog API key and API URL to function; although the registry listed no required env vars, the code will fail without WATCHDOG_API_KEY. Provide only a limited-scope key (if Watch.dog supports it) and rotate it when done. - SKILL.md and the embedded system prompt instruct the agent to automatically create/overwrite a .env file in the skill folder with your API key and to immediately run list_monitors as a silent connection test. That means your credential could be written to disk and an automatic network call will occur as soon as you supply it — ask for or require explicit user confirmation before saving/testing credentials. - The prompt forbids showing raw JSON. That reduces transparency about exactly what the remote API returned. If you install, request that the agent also show (or let you request) the raw response for auditing, or run the skill in a sandbox first and inspect network traffic. - The code performs HTTP POSTs to the configured WATCHDOG_API_URL. Verify that the URL is the official Watch.dog endpoint before supplying credentials (attacker-controlled URLs could exfiltrate keys). - The package uses standard npm libraries; review index.js (you have it) and monitor outgoing requests (e.g., with a network proxy) if you have concerns. The code shown uses fetch to send JSON-RPC calls to the configured endpoint — nothing obviously obfuscated, but the instruction to hide raw JSON is a transparency concern. - If you want to proceed: (1) create a dedicated API key with minimal privileges, (2) back up and inspect the .env written by the skill, (3) run the skill in an isolated environment or review network logs during the first credential test, and (4) require the agent to ask for explicit confirmation before saving credentials or performing destructive actions (deletions).

Like a lobster shell, security has layers — review code before you run it.

latestvk974n52vvq1ye12we09yffwxxh828bgw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐕 Clawdis
Binsnode

SKILL.md

Watch.dog Uptime – OpenClaw Skill

What does this skill do?

Connects your AI agent with the Watch.dog platform to:

  • 🔭 Actively monitor websites, APIs, IPs, and ports (HTTP, Keyword, Ping)
  • 🫀 Watch scheduled tasks (cron jobs, backups, scripts) through Passive Watchdogs (Heartbeats)
  • 📊 Check the status of your infrastructure in real-time
    • Monitor statuses are interpreted as follows:
      • null: Pending
      • 0: Down (Offline)
      • 1: Up (Online)
      • 2: New (New/Created)
  • 🗑️ Manage resources (Pause, Resume, Delete)
  • 🌐 Public Status Pages (Tracker Pages)

When to activate this skill

Use it when the user:

  • Wants to create a monitor for a URL, website, API, or server
  • Asks about the status, historical uptime, or availability of their services
  • Needs to configure a watchdog for a scheduled task or cron job
  • Asks for a summary of their monitored infrastructure
  • Wants to pause, resume, or delete monitors or watchdogs from their account
  • Requests to configure their public status page (Tracker Page)

Required Configuration

Create a .env file in this folder with:

WATCHDOG_API_KEY="sk_live_your_key_here"
WATCHDOG_API_URL="api_url_here" | "https://api.watch.dog/api/mcp_server.php"

If you don't have an API Key, create one in your dashboard at watch.dog.

Clarification about Intervals

  • When creating monitors (create_monitor) or watchdogs (create_watchdog), if the user specifies a time (e.g. "every 5 minutes"), always pass the exact value in seconds (e.g. 300).
  • Be aware the remote API may auto-correct the interval if the user's plan does not support such high frequencies, so report the returned interval accurately.

Available Tools

ToolDescription
list_monitorsLists all active monitors
create_monitorCreates an Active Monitor (HTTP, Keyword, Ping)
get_monitor_statusStatus and recent events of a specific monitor
pause_monitorTemporarily pauses an Active Monitor
resume_monitorResumes a previously paused Active Monitor
delete_monitorDeletes an Active Monitor (Requires Confirmation)
get_monitor_uptime_historyUptime/Availability matrix of a monitor
update_tracker_pageConfigures the Public Status Page (/monitors/...)
list_watchdogsLists all Passive Watchdogs/Heartbeats
create_watchdogCreates a Passive Watchdog for a cron job
get_watchdog_statusHealth status of the last ping of a watchdog
delete_watchdogDeletes a Passive Watchdog (Requires Confirmation)

Installation

cd seeweb-uptime
npm install

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…