Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Error Monitor Fix

v3.0.0

Error monitoring - scans JSON logs, captures ERROR-level errors, and provides fix suggestions for OpenClaw system-level errors

by c32@amd5

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for amd5/error-monitor-fix.

Install the skill "Error Monitor Fix" (amd5/error-monitor-fix) from ClawHub.
Skill page: https://clawhub.ai/amd5/error-monitor-fix
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install error-monitor-fix

ClawHub CLI

npx clawhub@latest install error-monitor-fix

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
Name/description align with the provided scripts: both monitor /tmp/openclaw/*.log and produce fix suggestions. That capability justifies reading logs and producing reports. Minor mismatch: skill.json declares a postinstall script (bash scripts/install.sh) and systemd requirement, but no install.sh exists in the bundle — this is incoherent and could be a packaging/metadata error.
[!] Instruction Scope
SKILL.md states “all fix strategies changed to manual prompts; filesystem modifications are no longer performed”, but both scripts write to ~/.openclaw/workspace (append error.md, write .error-dedup.json and .fix-log.json). auto-fix.js executes system commands via child_process.execSync (ss pipeline and openclaw sessions cleanup --dry-run). The runtime instructions/behavior therefore go beyond the read-only description in SKILL.md.
[!] Install Mechanism
No install spec is provided (instruction-only), which is low-risk, but skill.json lists a postinstall script (bash scripts/install.sh) that is missing from the package. That metadata/code mismatch is suspicious: either an expected install script is omitted or metadata was not updated. The included Node scripts will run if invoked but there is no automated installer in the bundle.
Credentials
The skill requests no credentials and no declared env vars, and only reads HOME (process.env.HOME). That is proportionate. However the code reads /tmp logs, writes to ~/.openclaw/workspace, and runs system commands (ss, openclaw CLI), which means it will access local system state and potentially require privileges to inspect sockets — appropriate for a monitoring tool but worth noting because SKILL.md claimed no filesystem modifications while the code does persist data.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It does not modify other skills' configuration. Autonomous invocation is permitted (platform default) but not combined with an 'always:true' flag or broad credential requests.
What to consider before installing
This skill is plausible for log monitoring, but there are clear inconsistencies you should resolve before installing:
  (1) SKILL.md claims no filesystem writes, yet the scripts append to ~/.openclaw/workspace/error.md and write .error-dedup.json / .fix-log.json — if you want read-only behavior, inspect and remove file-write calls.
  (2) skill.json references scripts/install.sh which is missing — ask the author or treat that as a packaging error.
  (3) auto-fix.js runs system commands (ss, openclaw sessions cleanup --dry-run); these will execute on your machine when you run the scripts.
Recommended next steps: review the two JS files line-by-line (or run them in an isolated sandbox/container), back up ~/.openclaw/workspace before running, verify presence/trust of the openclaw CLI, and if you need stricter guarantees, modify the scripts to run in dry-run/read-only mode only.
If you cannot verify the missing install script or the author identity, treat this skill cautiously and avoid giving it persistent or automated execution on production hosts.

Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

  • scripts/auto-fix.js:66: Shell command execution detected (child_process).
  • scripts/auto-fix.js:28: Environment variable access combined with network send.
  • scripts/monitor-error.js:20: Environment variable access combined with network send.
  • [!] scripts/auto-fix.js:104: File read combined with network send (possible exfiltration).
  • [!] scripts/monitor-error.js:33: File read combined with network send (possible exfiltration).

Like a lobster shell, security has layers — review code before you run it.

latest vk97c2jjackk527g7xancbx7tw984vgr9
169 downloads
0 stars
10 versions
Updated 1w ago
v3.0.0
MIT-0

Error Monitor Fix — Error Monitoring Skill

Version: 2.3.0 (all fix strategies changed to manual prompts; filesystem modifications are no longer performed)
Created: 2026-03-23
Updated: 2026-04-14


📋 Features

Monitors error-type entries in the OpenClaw runtime logs in real time, automatically appends them to error.md, and attempts automatic fixes.


📂 File structure

skills/error-monitor-fix/
├── SKILL.md
├── skill.json
├── _meta.json               # ClawHub metadata
└── scripts/
    ├── monitor-error.js     # Error monitoring (JSON log parsing + deduplication)
    └── auto-fix.js          # Auto-fix (5 strategies)

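🔧 Fix strategies

Strategy                          | Match condition              | Action
Gateway restart (manual prompt)   | gateway/ws/connection errors | ⚠️ Prompt the user to restart manually
Port release (read-only check)    | EADDRINUSE                   | Check node listening ports
Session cleanup (read-only check) | INVALID_REQUEST              | dry-run check

Cache cleanup and permission repair fall within the scope of the dev/test/rule sub-agents and are not part of this skill.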


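📊 Cron jobs

Job name                 | Frequency       | Job ID
Error monitoring and fix | Every 5 minutes | 176ecc83

⚠️ Notes

  • Deduplication window: 1 hour (avoids reporting the same error repeatedly)
  • Log format: JSON line format
  • Output: appended to memory/error.md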
