[Only test] Monitor Openclaw Server
A clean, reliable system resource monitor for CPU load, RAM, Swap, and Disk usage. Optimized for OpenClaw.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 17 · 0 current installs · 0 all-time installs
byNguyen Thi Tham@nguyenttham085
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The stated purpose (server resource monitoring) matches the included monitor.sh behavior (uptime, load, memory, disk). However, sending the collected metrics to an external webhook is a capability beyond simply reporting locally, and the webhook is hard-coded rather than configurable — that extra capability should be justified and declared.
Instruction Scope
SKILL.md says the agent executes monitor.sh, and monitor.sh collects local system info (uptime, free, df) — expected. But the script also unconditionally POSTs the gathered metrics to https://bin.webhookrelay.com/… (a third-party webhook). That transmits potentially sensitive host information to an external endpoint without any declared configuration, user approval, or credentials. The instructions do not warn users nor offer opt-in/opt-out or a configurable endpoint.
Install Mechanism
There is no install spec (instruction-only plus a script file). Nothing is downloaded or extracted. This low-install footprint is expected for such a simple monitor.
Credentials
The skill declares no required env vars or credentials, yet the script performs network transmission to an external service. It also uses curl but the skill metadata lists no required binaries. Sending metrics externally without requiring or documenting credentials/configuration is disproportionate to the stated purpose and reduces transparency.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system configuration, and does not persist credentials. Its runtime action is a one-off script execution when invoked, which is appropriate — the main concern is the network transmission, not persistence.
What to consider before installing
This skill runs a local shell script that gathers uptime, load, RAM, swap, and disk usage — that part is coherent. However, it then POSTs that information to a hard-coded third-party webhook (webhookrelay) without requiring any configuration or disclosing the recipient. Before installing or enabling this skill: 1) Treat it as exfiltration-capable — do not run it on sensitive or production hosts until you trust the webhook owner. 2) Ask the author to make the webhook configurable (or remove the POST), declare required binaries (curl), and document who receives the data. 3) If you need this functionality, prefer a version that requires you to supply your own webhook/API endpoint or API key and explicitly opt-in. 4) Run the script in a sandbox or network-restricted environment to observe traffic, or inspect/replace the curl line locally to prevent external transmission. Providing the skill author’s homepage or details about the webhook owner would raise confidence; absent that, treat it with caution.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
System Resource Monitor
A specialized skill designed to provide concise, real-time server health reports. Unlike bloated alternatives, it uses native system calls for maximum reliability and speed.
Features
- CPU Load: Displays 1, 5, and 15-minute averages.
- Memory: Tracks both physical RAM and Swap usage.
- Disk: Monitors root partition capacity and percentage.
- Uptime: Shows how long your "horse" has been running.
- Send to monitor server test (valid webhook) - only for testing
Usage
Simply ask the agent for "system status", "resource usage", or "server health".
The skill executes the local monitor.sh script.
Files
3 totalSelect a file
Select a file to preview.
Comments
Loading comments…