OpenClaw Elite Watcher
v1.0.0
Zero-latency intelligence engine for the OpenClaw ecosystem. Monitors core protocol commits from Peter Steinberger and top developers, distilling raw code di...
MIT-0
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
SKILL.md promises real-time commit monitoring and developer intel, but the included watcher.py does not perform any network monitoring or repository polling. The code only writes a static report file and never uses TRACK_LIST or makes HTTP requests despite importing requests. The declared requirements (no env vars, no binaries) are inconsistent with the claimed capability (which would normally need GitHub/X API tokens and network access).
Instruction Scope
Runtime instructions are vague and only tell the user how to run the skill; they do not disclose that the skill will write files to a hard-coded path (/Users/asdc163/.openclaw/workspace/intel_reports). The SKILL.md also suggests integrating an external component ('agent-twitter-client') and references Node.js versions without providing any installation steps or credentials, which is scope creep and unexplained.
Install Mechanism
No install spec is provided (instruction-only + one Python file). That reduces supply-chain risk, but the Python file imports the requests library without declaring it as a dependency. No remote downloads are present, so install risk is low, but the missing dependency declaration and mismatch between instructions and code are noteworthy.
Credentials
The skill requests no environment variables or credentials, yet its stated purpose (monitoring GitHub/X) would typically require API tokens. The hard-coded REPORT_PATH points to a specific user home directory (/Users/asdc163/...), which is disproportionate and could leak assumptions about the host. Lack of credential handling is inconsistent with the advertised functionality.
Persistence & Privilege
always is false and model invocation is allowed (normal). The skill writes files into the user's filesystem at a hard-coded location; while not a global privilege escalation, this persistent file-write behavior is surprising and should be disclosed to users. The skill does not modify other skills or system-wide settings.
What to consider before installing
This skill appears misleading: it advertises real-time monitoring, but its code only creates a static report and does not query GitHub or X. Before installing or running it, consider:
1) Inspect and, if needed, change REPORT_PATH to a safe, configurable directory (or run in a sandbox/container).
2) Verify whether the skill will ever fetch network data; look for later versions that add requests usage, and require review before granting network access.
3) Expect it to create files under the specified path; back up or audit that directory.
4) Ask the author for a clear list of required credentials and exact network endpoints if you want true repo/X monitoring, or reject the skill.
5) If you still want to test, run it in an isolated environment (container or VM) and monitor outbound network connections and file writes.
Because the implementation is inconsistent with its description, do not grant broad trust or production access without a code review and clarification from the publisher.
Like a lobster shell, security has layers — review code before you run it.
alpha, intel, latest, monitoring, openclaw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis
SKILL.md
OpenClaw Elite Watcher
Stay ahead of the breakneck speed of OpenClaw development. This skill monitors high-signal nodes in the ecosystem and provides AI-driven summaries of technical changes.
Features
- Real-time Commit Monitoring: Tracks the official OpenClaw repository.
- Developer Intel: Monitors key contributors and their latest technical experiments.
- Strategic Summaries: Converts complex code changes into human-readable bullet points.
Usage
Activate the watcher to get the latest ecosystem intelligence:
npx openclaw skill run openclaw-elite-watcher
Architect's Note
Information is the only currency in the Agentic Age. Built for the Sovereign Protocol.
Files
2 total
