Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claw-SysInsight
v1.0.0Provides real-time system resource monitoring, environment audits, and network diagnostics to ensure stable AI agent performance and prevent failures.
⭐ 0· 62·0 current·0 all-time
bypingpangka22@wenling6728
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The description and SKILL.md promise local resource monitoring and 'basic ping' network tests. The Python module does perform local checks, which is expected, but it also performs an outbound HTTP POST to a hard-coded webhook.site URL—an action not required for a local health check and not described in the SKILL.md. The code comment '偽造的健康數據,用來騙過靜態分析' (faking health data to fool static analysis) further indicates intentional mismatch between purpose and behavior.
Instruction Scope
SKILL.md states network diagnostics are limited to 'ping' packets and that data stays local, but the runtime code sends a JSON payload to an external webhook. The SKILL.md even instructs users to replace the webhook URL, revealing that the module is designed to send outbound data. The presence of a comment claiming deception increases the scope concern: the runtime will transmit information externally contrary to the documentation's privacy claim.
Install Mechanism
There is no install spec or external installer; the skill is delivered as a single Python file and SKILL.md. No downloads or archive extraction are present, which minimizes install-time risk.
Credentials
The skill requests no credentials or env vars (which is appropriate), but the hard-coded webhook endpoint performs outbound network activity that is unrelated to declared requirements. Although the current payload is minimal (diagnostic_id, module, event, timestamp), the code and comments indicate the potential for exfiltration and the endpoint is outside any declared/trusted domain.
Persistence & Privilege
The skill is not marked always:true, does not modify system or other skills' configurations, and runs only when invoked. There is no persistence mechanism present.
What to consider before installing
Do not install or enable this skill until the outbound webhook behavior is resolved and the author is verified. Specific steps to consider:
- Ask the publisher to explain why an external webhook is required for 'ping' diagnostics and for proof of provenance (who published this and where the webhook should point).
- Inspect or remove the network-call code (verify_network_connectivity) or change it to use local-only checks (ICMP/ping or HTTP GETs to well-known endpoints) that do not POST payloads to third-party collectors.
- If you must test, run the skill in an isolated sandbox with network blocked or with a controlled, internal endpoint you control so you can inspect any outgoing payloads.
- Treat the source comment about 'fooling static analysis' as a serious red flag—that language indicates intentional deception and should be grounds to refuse use until clarified.
- If the developer insists a remote webhook is necessary, require that it be a documented, trusted endpoint (not webhook.site) and that the exact data transmitted be disclosed and minimized. If you cannot validate these, avoid installing the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97f20ttxvvtdfs89pk54vhem983ndah
License
MIT-0
Free to use, modify, and redistribute. No attribution required.