Api Monitor Dashboard
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The tool can repeatedly contact any endpoint the user adds and can display endpoint/status data through a local web dashboard.
The generated server repeatedly fetches user-configured URLs and exposes a dashboard on port 3000. This is expected for an API monitor, but users should understand it will make recurring network requests and may expose monitoring results locally.
const res = await fetch(url); ... setInterval(monitor, 60000); ... }).listen(3000);
Only add endpoints you intend to monitor, avoid embedding secrets in URLs, and consider binding the dashboard to localhost or using a firewall if running on a shared network.
The skill may not work unless Node.js and jq are already installed, even though the registry metadata does not declare those requirements.
The script depends on Node.js and jq, while the registry requirements list no required binaries and there is no install spec. This under-declaration can cause unexpected setup failures or unclear runtime assumptions.
if ! command -v node &> /dev/null; then ... cat endpoints.json | jq ". += [\"$URL\"]"
Install and verify Node.js and jq yourself before use, or update the skill metadata to declare these dependencies.
A user might rely on alerting or history that the provided artifacts do not actually provide.
These features are advertised in the documentation, but the provided monitor.sh only creates a basic in-memory dashboard and does not implement notification channels, persistent history, or recovery detection.
- Email/Slack notifications - Historical data - Auto-recovery detection
Do not depend on this skill for production alerting unless the missing notification and persistence features are implemented and reviewed.