ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

System Watchdog

System resource monitoring. Detects actionable anomalies (memory pressure, runaway processes, disk pressure) and reports only when something needs attention....

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 319 · 4 current installs · 4 all-time installs
by@BrennerSpear
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the included check.sh which inspects RAM, swap, load, disk and processes. However the registry metadata lists no required binaries while the script requires Python 3 and several system utilities (ps, df, sysctl, vm_stat, nproc or equivalent). That mismatch is unexpected and should be corrected/clarified.
Instruction Scope
SKILL.md contains narrow, explicit instructions: run the bundled check.sh, parse JSON output, and only report when suspicious is true. The script reads normal system files (/proc/meminfo, /proc/loadavg, runs ps, df, vm_stat/sysctl) and writes a lightweight state file to ~/.openclaw/workspace/state/... — behavior consistent with a local watchdog. No instructions direct data to external network endpoints.
Install Mechanism
No install spec (instruction-only skill) and the package includes the script. Nothing is downloaded from remote URLs and no archives are extracted. This is low-risk from an install mechanism perspective.
Credentials
The skill requests no credentials or env vars except an optional SYSTEM_WATCHDOG_STATE override. That is proportionate. However the manifest not declaring required binaries (python3, ps, df, sysctl/vm_stat, nproc) is inconsistent and could mislead users about runtime needs.
Persistence & Privilege
The script persists state under the user's home (~/.openclaw/workspace/state/system-watchdog-state.json) so it retains history between runs. It does not request elevated privileges, modify other skills or system-wide configs, and always:false. Persisting a state file in the user's home is reasonable for this purpose but the user should be aware of the file location and contents.
What to consider before installing
This skill appears to be a local system-monitor intended to read system metrics and persist lightweight state to ~/.openclaw/workspace/state/system-watchdog-state.json. Before installing: 1) Inspect the full check.sh file (the provided bundle was truncated in the listing) to confirm there's no unexpected network calls or hidden behavior. 2) Ensure Python 3 and standard system utilities (ps, df, sysctl/vm_stat on macOS, nproc or equivalent on Linux) are available — the manifest currently doesn't list these. 3) Accept that the script will write a JSON state file to your home directory; if you prefer a different path, set SYSTEM_WATCHDOG_STATE. 4) Run the script locally once to review the JSON output and verify it behaves as documented. If you can provide the remainder of the script (the truncated portion), I can re-evaluate and raise confidence.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.0.0
Download zip
latestvk97a4dc7t98xn1ffn84r8hdns9836d8h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

System Watchdog

System watchdog for your machine. Detect real, actionable anomalies and stay quiet about normal steady-state conditions. Auto-detects Linux vs macOS.

Goal

Optimize for few, high-signal alerts.

Do not alert on:

  • process age alone (long-running is not "stale")
  • Docker/container/virtualization baseline memory usage
  • absolute disk-used GB unless near a real limit
  • generic top-process lists without an actual anomaly

Do alert on:

  • memory pressure that is worsening (swap growth, low available memory, macOS compressor pressure)
  • runaway process growth (memory leak signals via delta tracking)
  • sustained abnormal CPU burn (>2 cores for >15 min)
  • disk pressure near a practical limit (>90% or <20 GB free)

How to Invoke

bash ~/.openclaw/skills/system-watchdog/check.sh

The script outputs JSON to stdout. Parse the output and decide whether to report.

Override the state file path: SYSTEM_WATCHDOG_STATE=/path/to/state.json

Output Format

{
  "suspicious": true,
  "verdict": "watch|investigate|act_now|ok",
  "os": "Darwin|Linux",
  "summary": {
    "ram": "19.3/32.0 GB (60.4%)",
    "swap": "1.6/3.0 GB",
    "swap_delta": "+0.2 GB",
    "load": "3.30/2.21/2.17",
    "cores": 10,
    "disk": "14/926 GB (3%)",
    "available": "8.50 GB available",
    "free": "0.08 GB truly free",
    "inactive": "11.88 GB inactive/speculative",
    "compressed": "5.16 GB compressed"
  },
  "issues": [ ],
  "top_processes": [ ],
  "ignored_normals": [ ]
}

Note: available is Linux-only (MemAvailable). free, inactive, compressed are macOS-only (vm_stat breakdown).

Detection Philosophy

1. Memory pressure, not just RAM usage

High RAM usage alone is noisy. The script tracks swap growth since last run and low available/free memory as stronger signals. On macOS, high compressor usage with low free pages is also flagged.

2. Runaway behavior, not stale age

Never flag a process just because it has been running a long time. Look for memory growth (delta since last run) and sustained CPU instead.

3. Disk only when it matters

Ignore absolute disk usage. Only report disk when it is actually nearing a practical limit.

Agent Workflow

  1. Run check.sh
  2. Parse the JSON output
  3. If suspicious is false → do nothing (no message)
  4. If suspicious is true → format a concise report
  5. Lead with the verdict and the 1–3 most important findings

Report Format

⚠️ System Watchdog — VERDICT

Why this matters:
- <1–3 concise findings from issues[].why>

Evidence:
- RAM <summary.ram>
- Swap <summary.swap> (<summary.swap_delta>)
- Load <summary.load>

Recommended:
- <issue suggested_action>

Ignored: process age, Docker baseline, disk absolute usage

Keep it short. Do not dump every top process unless it directly supports an issue.

State Tracking

The script persists lightweight state to ~/.openclaw/workspace/state/system-watchdog-state.json so it can detect changes since last run (swap growth, per-process memory growth) rather than only snapshot values.

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…