Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Api Monitor Dashboard

Real-time monitoring dashboard for API uptime, response times, error rates, custom health checks, and alert notifications via email or Slack.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 221 · 2 current installs · 2 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (API monitoring dashboard) aligns with the included script: monitor.sh writes a simple Node.js server that polls endpoints and serves a dashboard. However the SKILL metadata declared no required binaries while SKILL.md lists Node.js 18+ and the script actually depends on jq as well. The capability requested (monitoring endpoints) matches the code, but the declared requirements are incomplete.
Instruction Scope
SKILL.md tells the user to run ./monitor.sh start and then open http://localhost:3000, but monitor.sh's start branch only writes server.js and endpoints.json and does not invoke node server.js, so it does not actually start the server. The status action reads data/*.json, but nothing in the shipped code ever writes files into data/ (the Node server only logs results to console and keeps them in memory). The add action uses jq to mutate endpoints.json, but jq is not listed as a required binary. The script will make network requests to any endpoints added; if you add internal URLs, you could cause requests to internal services (SSRF-like behavior), so endpoints should be chosen carefully.
Install Mechanism
No install spec and no remote downloads; the skill is instruction-only with a local shell script and a generated server.js. There is no automatic installation of third-party code or external downloads, so disk-write risk is limited to the working directory when the script runs.
Credentials
The skill declares no environment variables or credentials and the code does not read environment variables or external secrets. It only reads/writes files in the current directory (server.js, endpoints.json, optional tmp.json) and creates data/ and logs/ directories. Requested privileges are proportional to its stated purpose.
Persistence & Privilege
always is false and the skill does not modify system-wide settings or other skills. It only writes files in the local working directory; it does not request persistent platform privileges.
What to consider before installing
This skill appears to implement a simple API-monitoring dashboard, but fix the inconsistencies before running it. Specifically:

  • The start action does not launch the Node server. After running ./monitor.sh start you must run node server.js (Node 18+) yourself to run the dashboard. Consider modifying monitor.sh to run node server.js in the background if you expect automatic startup.
  • The add action depends on jq, but jq is not documented in SKILL.md or the registry metadata. Install jq or change the script to avoid it. The script's declared 'required binaries: none' is inaccurate.
  • The status command expects data/*.json files, but nothing in the provided code writes to data/; expect the status output to be empty unless you add code to persist checks.
  • The monitor will perform HTTP requests to any endpoint you add. Do not add untrusted or internal-only URLs unless you understand the network exposure (this can cause requests to internal services or external hosts you do not intend to contact).

Recommendations before installing/using:

  • Inspect/modify monitor.sh and the generated server.js to start the server automatically and to persist monitoring results if you need the status command to work.
  • Install Node 18+ and jq (or remove jq usage).
  • Run the script in an isolated environment (container) if you will monitor untrusted endpoints, and review endpoints.json before starting.
  • If you are not comfortable editing the script, do not run it with elevated privileges; run it from a dedicated directory and avoid running as root.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latestvk97fbr030yw87e4rg91akyd41h829q79

SKILL.md

API Monitor Dashboard

Real-time API monitoring and alerting system.

Features

  • Real-time uptime monitoring
  • Response time tracking
  • Error rate alerts
  • Custom health checks
  • Email/Slack notifications
  • Historical data
  • Auto-recovery detection

Usage

# Start monitoring
./monitor.sh start

# Add endpoint
./monitor.sh add https://api.example.com/health

# Check status
./monitor.sh status

Dashboard

Open browser to view dashboard:

http://localhost:3000

Configuration

Edit config.json to customize:

  • Check intervals
  • Timeout settings
  • Alert thresholds
  • Notification channels

Requirements

  • Node.js 18+
  • Docker (optional)

Author

Sunshine-del-ux

Files

3 total