Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
VPS Guardian
v1.0.0Autonomous VPS monitoring and auto-remediation — kills runaway procs, frees disk, restarts dead services, hardens security. Not alerts. Action.
⭐ 0· 17·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match what the code does: process killing, disk cleanup, service restarts, iptables modifications, journald/apt operations. Requiring root/sudo is proportional to those tasks. However the SKILL.md refers to external project pages and a raw GitHub download URL while the package metadata shows no homepage; that provenance mismatch is notable.
Instruction Scope
Runtime instructions and the included code both read and modify system state extensively (/proc, /var/log, /tmp, systemctl, journalctl, apt-get, iptables). These are within the stated purpose but are high-risk operations (process kills, file removals, firewall changes). The SKILL.md claims some safe behaviors (e.g., 'never auto-blocks — always requires approval', 'detect >90% CPU for 5+ minutes') that the code does not fully implement as described (CPU check is a lifetime-average approximation; approval gating behavior is controlled by config but its enforcement path/interaction is not clearly auditable). The docs also instruct downloading the script from raw.githubusercontent.com, which is an external network fetch outside the packaged skill.
Install Mechanism
The skill package itself contains the Python script, but SKILL.md instructs users to curl a script from raw.githubusercontent.com. Raw GitHub is a common host but is an external download (supply-chain risk) and the referenced repo/homepage are absent from the package metadata. There is no formal install spec in the registry; installing via the documented curl command would fetch code outside the registry bundle.
Credentials
The skill requests no environment variables and no unrelated credentials. It does require root/sudo (documented) which is proportionate to its tasks (service control, iptables, file removals), but that level of privilege makes any bugs or unexpected behavior potentially destructive.
Persistence & Privilege
The skill is not set to always:true and model invocation is not disabled (normal). It offers daemon mode and cron scheduling in the docs; running it persistently as root grants continuous ability to act on the host. This is coherent with its purpose but increases blast radius — test carefully before enabling autonomous/daemon operation.
What to consider before installing
This skill does what it says (automated remediation) and therefore needs root — that makes mistakes or hidden behavior dangerous. Specific concerns: the README tells you to curl a script from raw.githubusercontent.com even though the package contains the script (provenance mismatch); some doc claims (CPU over 5 minutes, approval gates) don't match the code's simplistic implementation; there are bugs (e.g., incorrect f-string usage in journal vacuum command) that could prevent intended behavior. Before installing: (1) review the full guardian.py source line-by-line (especially iptables, kill logic, file deletions and systemctl calls); (2) run in a disposable/test VM or container as root only after inspection; (3) use --dry-run and confirm logs before enabling daemon/cron; (4) avoid blindly following the curl instruction — use the bundled script from a verified source or fetch only from a repository you trust; (5) verify the approval/auto-block logic and whitelist behavior to avoid accidental lockout. If you lack the ability to audit the code, treat this skill as high-risk and do not run it on any production VPS.Like a lobster shell, security has layers — review code before you run it.
latestvk97406xhzckqbcpk182d3mcvgh850zwd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.