Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ProcessGuard — Critical Process Monitor & Auto-Restart

v2.1.4

Monitor critical processes and auto-restart on failure. Tracks CPU and memory usage, escalates alerts via webhook, callback, or file, and writes a dead man's...

by Shadow Rose @theshadowrose
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the implementation: monitoring, health checks (HTTP/TCP/pid/command), auto-restart, resource tracking (optional pidusage), heartbeat file, local dashboard and alert escalation. Nothing requested by the skill (no env vars, no external credentials, no install spec) is disproportionate to the stated purpose.
Instruction Scope
SKILL.md and README instruct the agent to require and run the provided ProcessGuard module, which will: read pid files, run health-check commands, execute restart commands, write heartbeat/log/alerts files, and optionally POST JSON to webhook endpoints. Those behaviors are expected for a monitor, but they are powerful: restart/check commands run subprocesses and can cause side effects if misconfigured; alerts can be delivered to arbitrary external endpoints. The README promises blocking of shell operators and a required allowlist (or explicit allowAnyCommand) to mitigate injection risk; the code enforces shell-operator blocking and requires an explicit security posture when restarts are configured. Note: the README mentions exec/execSync but the shipped code uses spawn/spawnSync (documentation mismatch only).
Install Mechanism
No install spec is provided (instruction-only skill plus included source files). That is low risk from an install standpoint; optional dependency pidusage is only needed to enable resource monitoring and is installed by the user if desired.
Credentials
The skill does not request environment variables or credentials. It performs file I/O (logs, heartbeat, alerts) and network calls to configured webhooks/dashboard; these are justified by the monitoring/alerting purpose. Users should validate configured webhook URLs and file paths before enabling.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It will, however, write files to the working directory and open a local HTTP dashboard port if enabled — both expected for this functionality. The default ability for agents to invoke skills autonomously is normal and not flagged here.
Assessment
This skill appears to do what it claims, but it executes user-configured commands and writes files and may send alerts to external URLs. Before installing or running: 1) review every configured restart/check command and prefer using commandAllowlist (recommended) rather than allowAnyCommand; 2) choose non-sensitive locations for log/heartbeat/alert files and run under a least-privileged account; 3) verify webhook endpoints you configure to avoid accidental data exposure; 4) if you did not obtain the package from a trusted source, consider auditing the full source (the shipped src/process-guard.js is mostly visible but truncated here) or running in an isolated environment first. If you want higher assurance, provide the complete untruncated source for a full review.
src/process-guard.js:203
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.


Tags: auto-restart, devops, latest, monitor, process, process-guard, reliability, uptime, watchdog
