Bot Status API

OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 8 This skill is classified as suspicious due to several high-risk capabilities, despite its stated purpose as a monitoring API. The `collectors/email.js` and `collectors/services.js` files allow for arbitrary shell command execution via the `config.json` file, which could be exploited if the configuration is compromised. Furthermore, `server.js` globally disables TLS certificate validation (`NODE_TLS_REJECT_UNAUTHORIZED = "0"`), weakening the security of all HTTPS connections, including those transmitting sensitive data like API keys (e.g., in `collectors/docker.js`). The skill also reads sensitive files like `auth-profiles.json` in `collectors/core.js` to report on bot configuration, which, while for a stated purpose, involves handling sensitive data.