Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OCM Monitor

v1.0.0

OpenClaw Manager monitoring & auto-restart. Detect if service is down (port 18789 / process), auto-restart via CLI then UI, opens Dashboard page. Supports lo...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The SKILL.md describes a Windows PowerShell script (monitor_ocm.ps1) that does process/port checks, pixel scans, and UI clicks and calls the openclaw CLI. The package only contains package.json and SKILL.md; the actual script and implementation are missing. Also the registry metadata lists no required binaries, yet the instructions assume PowerShell/.NET and the openclaw CLI are present.
! Instruction Scope
Instructions direct local execution of a PowerShell script that compiles embedded C# (Add-Type) to control mouse/window operations and perform pixel scans and clicks by coordinates — actions that can interact with arbitrary GUI windows. While these actions align with 'auto-restart' functionality, they grant broad desktop control and could have unintended side effects; the actual script to review is absent.
Install Mechanism
There is no install spec (instruction-only). That is lowest install risk, but because the runtime relies on a missing script file, it raises coherence concerns rather than installation risk.
! Credentials
The skill declares no required env vars or binaries, yet runtime instructions assume PowerShell/.NET and the 'openclaw' CLI exist and will be invoked. The skill also writes logs to <skill-path>/ocm_monitor.log and may be scheduled via the platform's cron — these require filesystem and CLI access. The lack of declared runtime requirements is inconsistent and disproportionate.
Persistence & Privilege
The skill is not forced-always and does not request elevated platform privileges in metadata. It suggests adding a cron job via openclaw cron add (an example), which is a normal way to persist checks but should only be done after verifying the script contents.
Scan Findings in Context
[no_code_files_found] unexpected: The regex scanner saw no code files because this is instruction-only, but SKILL.md references a concrete script (monitor_ocm.ps1) and embedded C# which are not present — the absence is unexpected and prevents review of the actual behavior.
What to consider before installing
Do not run or schedule this skill as-is. Ask the publisher for the actual monitor_ocm.ps1 source and any embedded C# code and review them before executing. Verify the script contains no network endpoints, no external downloads, and that Add-Type usage is limited to local window/mouse helpers. Confirm that the openclaw CLI commands invoked are safe (only restart/status) and that click coordinates are window-relative (not absolute) so they can't interact with other apps. Run the script in a controlled Windows test environment (isolated VM) first, check the created log file for unexpected output, and only then consider adding any scheduled runs. The main red flags are: the runtime script is missing from the package and required runtime binaries are not declared.


