ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Assistant Reliability Watchtower

v0.1.0

Deterministic reliability monitoring for OpenClaw assistant workflows. Use when you need to run ARW smoke probes, generate a daily digest, validate scorecard...

0· 0·0 current·0 all-time
by@wit-oc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match what the package actually does: a repo-backed wrapper that runs arw.run (smoke, digest, validation flows), manages PYTHONPATH, and writes artifacts under artifacts/arw. No unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md and the script limit behavior to running ARW flows in a checked-out repo and reading the included docs/config. However, the wrapper spawns the repository's code (python -m arw.run) and imports repository modules (arw.alert) which will execute arbitrary code from that repo at runtime; this is expected for a repo-backed wrapper but is an important operational risk if the repo is untrusted.
Install Mechanism
No install spec; the skill is instruction-plus-script only. Nothing is downloaded or written by an installer, minimizing supply-chain risk from the skill bundle itself.
Credentials
No required env vars or credentials. The script optionally honors ARW_REPO_ROOT and sets PYTHONPATH to include the repo root; config delivery fields default to dry-run values. No secrets or unrelated platform credentials are requested.
Persistence & Privilege
always is false (normal). The skill runs subprocesses and imports code from the target repo—reasonable for its role but gives the skill the ability to execute arbitrary repo code and produce side effects in the repo working directory. Autonomous invocation is allowed by default (platform default) but not, by itself, a new risk here.
Assessment
This skill is coherent with its description: it’s a thin wrapper that runs ARW code in a repository you point it at. Before using it, verify the ARW checkout is trusted: review arw/run.py and arw.alert (and any modules imported by them), and run the skill in an isolated environment if the repo is untrusted. Check asset/example-config.json so delivery fields default to dry-run (avoid accidentally sending to real recipients), and prefer passing --repo-root explicitly rather than relying on autodiscovery. There are no required credentials in the skill itself, but the wrapper will execute repository code (both in-process import and via subprocess -m), which is the main operational risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk979zmdje9x2npp383pfxbsxnh84m6ah

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments