ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Live Monitoring Dashboard

Zero-token real-time Discord monitoring dashboard for OpenClaw. Displays system health, cron jobs, sessions, and performance analytics via persistent Discord...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 183 · 0 current installs · 0 all-time installs
byRic Lewis@keylimesoda
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The README/SKILL.md describes a dashboard that posts to a monitoring Discord channel, but many files contain hard-coded user/channel IDs and scripts that send messages to a specific user (target: 'user:311529658695024640'). Registry metadata declared only curl/jq/top/df as required binaries, yet the code expects 'openclaw', 'ps', 'uptime', 'bc' and other tools. Also the package shows many code files despite the manifest claiming 'No install spec / instruction-only' — these mismatches are unexplained.
!
Instruction Scope
Runtime instructions and scripts gather system/process/cron data (ps, top, df, uptime, openclaw cron list) which matches monitoring, but generated OpenClaw session scripts call message({ action: 'send' ... target: 'user:311529658695024640' }) — i.e., they will send collected system activity to a specific user unless reconfigured. SKILL.md also instructs adding cron jobs that repeatedly execute skill scripts; that persistence + data collection could leak sensitive information to the configured target if not reviewed.
Install Mechanism
There is no remote download/install of third‑party code in the manifest (install.sh, package.json and scripts are bundled), which lowers supply-chain risk. However the package claims 'instruction-only' while ship contains many executable scripts and an install.sh — an inconsistency the user should note (scripts will be written/executed on install/run).
!
Credentials
The skill declares no required environment variables, but the code uses process.env.LIVE_MESSAGE_ID and relies on OpenClaw session privileges to post/edit messages. It also contains hard-coded user and channel IDs and state files with message/guild IDs — effectively requiring access to OpenClaw/Discord posting capability without declaring credentials. Asking nothing explicitly while expecting platform-level messaging permission is disproportionate and risky.
Persistence & Privilege
always:false (good). The skill suggests creating cron jobs (via OpenClaw cron add) to run every 30s/1m which gives it ongoing execution in the OpenClaw environment. That autonomous scheduling is expected for monitoring but combined with hard-coded remote targets increases blast radius if misconfigured. The skill does not request to modify other skills or system-wide configs beyond its own state files.
What to consider before installing
Do not install or run this skill without manual review. Key actions to take before trusting it: 1) Search all scripts for hard-coded targets (the ID '311529658695024640' and channel/message IDs in config/live-state.json) and change them to your own monitoring channel or remove the hard-coded target entirely. 2) Confirm the OpenClaw 'message' and 'cron' commands will post only to a channel you control — the current code posts to a user ID which can leak system/cron/process info to that recipient. 3) Audit scripts that call 'openclaw cron add', 'openclaw cron list', 'ps', 'top', 'df', 'uptime' — these collect system and cron contents that may include sensitive data; run them in an isolated test environment first. 4) Replace any developer defaults in config/*.json and config/live-state.json before enabling automatic cron scheduling. 5) If you accept the behavior, run the tooling manually in a safe environment and verify the first post/edits go only to your desired channel; do not enable automatic cron jobs until verified. The inconsistencies between declared requirements and actual script behavior (missing dependency declarations, bundled executables despite 'instruction-only' claim, and hard-coded message targets) are the primary reasons this skill is suspicious.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.0.0
Download zip
latestvk979d82yap1zc58jy33ze2fj8d82bmmz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binscurl, jq, top, df

SKILL.md

Live Monitoring Dashboard

Zero-Token Real-time Discord monitoring for your OpenClaw ecosystem

What it does

Creates a dedicated Discord channel with live-updating messages showing:

🤖 Activity Monitoring (Slice 1 & 2)

  • Active subagents and their current tasks
  • Running and recent cron jobs with status
  • OpenClaw activity and system processes
  • Session count and activity overview

🖥️ System Health (Slice 3)

  • Real-time CPU, memory, and disk usage
  • System uptime and process monitoring
  • Status indicators with color-coded alerts

📈 Performance Analytics (Slice 4) ✨

  • Historical performance trend analysis
  • Smart threshold-based alerting system
  • Peak usage tracking and pattern detection
  • Configurable alert thresholds

Zero Token Cost: Uses shell scripts + Discord CLI commands instead of expensive LLM calls for 100% cost efficiency.

Updates every 60 seconds with zero message spam - only edits existing messages.

Installation

npm install
./install.sh

Configuration

The skill will:

  1. Create a dedicated monitoring channel (#tommy-monitoring by default)
  2. Post initial dual dashboard messages (Activity + System Health)
  3. Begin live zero-token updates automatically
  4. Initialize performance analytics and alert thresholds

Usage

Once installed, the monitoring runs automatically with these commands:

Manual Performance Tracking:

./scripts/performance-tracker.sh track    # Log current metrics and check alerts
./scripts/performance-tracker.sh trends   # Show performance trends
./scripts/performance-tracker.sh alerts   # View recent alerts
./scripts/performance-tracker.sh cleanup  # Clean old performance data

Configuration: Performance thresholds can be customized in config/performance-config.json:

{
    "cpu_warning": 70,
    "cpu_critical": 85,
    "mem_warning": 75,
    "mem_critical": 90,
    "disk_warning": 80,
    "disk_critical": 95,
    "retention_days": 7
}

Requirements

  • Discord channel configured in OpenClaw
  • message tool available
  • Basic system utilities (ps, top, uptime, df)
  • jq for JSON configuration parsing
  • bc for mathematical calculations

Complete Feature Set (All 4 Slices)

✅ Slice 1 & 2: Discord Activity Monitoring

  • OpenClaw session tracking and activity overview
  • Cron job status monitoring (21+ jobs supported)
  • Subagent detection and lifecycle tracking
  • Process monitoring with real-time updates

✅ Slice 3: System Health Monitoring

  • Real-time CPU/memory/disk usage with smart indicators
  • System uptime tracking and stability monitoring
  • Critical events logging with 10-event circular buffer
  • Status indicators: 🟢 Normal / 🟡 Medium / ⚠️ High / 🚨 Alert

✅ Slice 4: Performance Analytics & Smart Alerts

  • Historical trend analysis: CPU/memory patterns over time
  • Smart threshold alerting: Configurable warning/critical levels
  • Peak usage tracking: Daily maximums and averages
  • Data retention: Configurable history (default 7 days)
  • Alert logging: Comprehensive alert history with timestamps
  • Trend detection: Simple directional analysis (↗️↘️→)

✅ Zero Token Architecture:

  • Shell-based updates: Direct openclaw message edit CLI usage
  • No LLM inference: Pure data collection and formatting
  • 100% cost efficiency: Eliminated 2.8M daily token waste
  • Sustainable operation: Real-time monitoring with zero ongoing costs

Architecture

Update Cycle (60-second intervals):

  1. Data Collection: System metrics via shell commands (top, df, uptime)
  2. Performance Tracking: Historical logging and trend analysis
  3. Alert Processing: Threshold checking and alert generation
  4. Discord Updates: Direct message editing via OpenClaw CLI
  5. Cleanup: Automatic old data removal based on retention policy

File Structure:

live-monitoring-dashboard/
├── scripts/
│   ├── zero-token-dashboard.sh      # Main dashboard updater
│   └── performance-tracker.sh       # Slice 4 analytics
├── config/
│   ├── live-state.json             # Runtime state
│   └── performance-config.json      # Alert thresholds
└── data/
    ├── performance/                 # Daily metrics (CSV)
    └── alerts.log                   # Alert history

Performance

  • CPU Impact: Minimal (shell commands only)
  • Memory Usage: <1MB for data storage
  • Disk Usage: ~100KB/day for metrics (auto-cleanup enabled)
  • Network: Only outbound Discord API calls
  • Token Cost: ZERO (no LLM inference required)

🚀 Ready for Production | Built for OpenClaw Community

Developed during trust window sessions March 5, 2026 - demonstrating zero-token operational excellence and partnership-level autonomous development.

Files

30 total
Select a file
Select a file to preview.

Comments

Loading comments…