Skill v1.0.0
ClawScan security
Server Health Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 20, 2026, 12:39 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and requested permissions are consistent with a server-health monitoring tool and do not contain obvious misdirection or hidden exfiltration.
- Guidance: This skill appears to do what it says: run read-only system commands to return CPU, RAM, disk, and Docker status. Before installing, consider: 1) The agent must have shell access — run the agent with least privilege so the skill only sees what you want it to (avoid running the agent as root if unnecessary). 2) If you do not want container names/status exposed, ensure the agent cannot access the Docker socket/CLI. 3) The SKILL metadata doesn't list required binaries (top, free, df, docker) — check your host has compatible utilities or rely on Node.js fallbacks. 4) Because the code uses child_process.exec, review the code and keep it under source control so you can detect future modifications. If you are comfortable with those points, the skill is internally consistent with its stated purpose.
Review Dimensions
- Purpose & Capability (note): The name/description match the code: the skill runs read-only system commands (top, free, df, docker) and Node.js fallbacks to produce server metrics. One minor mismatch: the SKILL metadata/requirements list no required binaries even though the code expects standard system utilities (top, free, df, docker). This is likely an omission, not malicious, but means the platform should ensure those binaries exist.
- Instruction Scope (ok): SKILL.md and skill.js limit actions to collecting system metrics and printing structured JSON. The instructions do not reference unrelated files, undisclosed env vars, external endpoints, or 'use your judgment' style broad data collection. The skill logs and returns only local metrics (including Docker container names/status), which is consistent with its stated purpose.
- Install Mechanism (ok): There is no automated install step (instruction-only skill with included code). No downloads from arbitrary URLs or archive extraction occur. The README suggests copying the folder into the workspace and restarting OpenClaw, which is standard for local skills.
- Credentials (ok): The skill requests no environment variables or external credentials. It does require shell access to execute system commands, which is proportionate to gathering host metrics. The only implicit requirement is access to the Docker socket/CLI if Docker container status is desired — this is expected for the feature.
- Persistence & Privilege (note): The skill is not marked always:true and is user-invocable only. However, it requires shell execution permission (declared in SKILL.md) and will therefore run system commands with whatever privileges the agent process has. That privilege is necessary for its function but means it will see anything the agent user can read (including containers if Docker socket is available).
