Api Monitor Dashboard
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a simple, user-directed API monitoring script, but its setup and advertised features are incomplete and should be reviewed before relying on it.
This looks safe enough to inspect or run in a test directory, but it is very minimal. Before using it seriously, verify Node.js and jq are installed, run it in a dedicated folder to avoid overwriting generic files like server.js or endpoints.json, keep the dashboard restricted to trusted local access, and do not rely on the advertised Slack/email alerts or historical reporting unless those features are added.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The tool can repeatedly contact any endpoint the user adds and can display endpoint/status data through a local web dashboard.
The generated server repeatedly fetches user-configured URLs and exposes a dashboard on port 3000. This is expected for an API monitor, but users should understand it will make recurring network requests and may expose monitoring results locally.
const res = await fetch(url); ... setInterval(monitor, 60000); ... }).listen(3000);
Only add endpoints you intend to monitor, avoid embedding secrets in URLs, and consider binding the dashboard to localhost or using a firewall if running on a shared network.
The skill may not work unless Node.js and jq are already installed, even though the registry metadata does not declare those requirements.
The script depends on Node.js and jq, while the registry requirements list no required binaries and there is no install spec. This under-declaration can cause unexpected setup failures or unclear runtime assumptions.
if ! command -v node &> /dev/null; then ... cat endpoints.json | jq ". += [\"$URL\"]"
Install and verify Node.js and jq yourself before use, or update the skill metadata to declare these dependencies.
A user might rely on alerting or history that the provided artifacts do not actually provide.
These features are advertised in the documentation, but the provided monitor.sh only creates a basic in-memory dashboard and does not implement notification channels, persistent history, or recovery detection.
- Email/Slack notifications - Historical data - Auto-recovery detection
Do not depend on this skill for production alerting unless the missing notification and persistence features are implemented and reviewed.