ClawHub

Session Monitor

v1.0.0

自动监控和显示会话状态信息,包括token消耗、模型信息和功能状态。支持开关控制和自定义显示格式。

0· 505·5 current·6 all-time
byDaYu@yangdaowan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description match the bundled Python scripts: the code reads session data and formats/injects status info. Requiring python3 is proportional. However the SKILL.md advertises environment variables (SESSION_MONITOR_ENABLED, SESSION_MONITOR_FORMAT) and hook-based automatic injection; the implementation instead reads/writes a JSON config file in OPENCLAW_WORKSPACE and does not reference those SESSION_MONITOR_* env vars or explicit hook APIs. This mismatch is likely a documentation/API mismatch rather than malicious, but it's unexplained.
!
Instruction Scope
SKILL.md describes slash commands (/token, /status) and automatic injection via OpenClaw hooks. The provided CLI implements different flags (--toggle, --status, --inject) and the Python code only exposes file-based config and an inject_status(response, session_data) method — it does not itself register hooks or implement slash-command handlers. The instructions therefore overstate automatic integration; they also mention environment variables that the code does not read. That gives the agent or integrator extra work and could cause unexpected behavior if the platform expects direct hook registration.
Install Mechanism
No install spec is included (instruction-only), and the code is pure Python with no external network calls or downloads. Requiring python3 is reasonable. Because there is no external install URL or package fetch, install risk is low.
Credentials
The skill does not request secrets or other environment credentials. The only environment variable actually used in code is OPENCLAW_WORKSPACE (to locate session_monitor_config.json). SKILL.md lists SESSION_MONITOR_* env vars that are not implemented; this mismatch should be clarified. The default workspace path (/home/admin/.openclaw/workspace) may be surprising and will cause the skill to read/write files there.
Persistence & Privilege
always is false and the skill only writes a config file into the declared workspace path. It does not modify other skills' configs or system-wide settings. Autonomous invocation is allowed by platform defaults but is not, by itself, a problem here.
What to consider before installing
This skill appears to implement the advertised session/status display and is low-risk in terms of network access or secret exfiltration, but there are documentation vs. code mismatches you should resolve before installing: 1) SKILL.md mentions /token slash commands and SESSION_MONITOR_* environment variables that the bundled Python does not implement — ask the author which interface the platform should use (CLI flags vs. slash commands vs. hook registration). 2) The code reads/writes a config file under OPENCLAW_WORKSPACE (default /home/admin/.openclaw/workspace) — confirm that path is appropriate for your environment to avoid accidental file writes/overwrites. 3) If you want automatic injection via the platform hooks, verify the integration code or adapter will call inject_status(session_data) — the packaged scripts do not register hooks themselves. If you are uncertain, test the skill in a controlled environment (or inspect/run the scripts manually) before enabling it broadly.

Like a lobster shell, security has layers — review code before you run it.

latestvk974mprhcgpqdmhftn2j9mp3vh821hez

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binspython3

Comments