ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

gpu monitor

v1.0.0

Provides real-time NVIDIA GPU usage and memory stats, plus Ollama model layer GPU/CPU distribution via server.log parsing with live updates.

0· 41·0 current·0 all-time
by@tinkerjueberg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is implemented to monitor NVIDIA GPUs (calls nvidia-smi) and to optionally parse an Ollama server.log; those capabilities align with the name/description. Minor inconsistency: registry metadata lists no required binaries, but both SKILL.md and the code require nvidia-smi and Python. Requiring access to an Ollama server.log is coherent for the stated 'layer distribution' feature.
Instruction Scope
Runtime instructions and the code remain narrowly scoped: they run nvidia-smi, read a per-user config file (~/.openclaw/gpu_monitor_config.json) if present, and optionally tail/parse a user-specified Ollama server.log path (reads last ~50 lines). There are no network calls, remote endpoints, or attempts to read other system credentials. Note: parsing an arbitrary log file is potentially sensitive depending on what file the user points it at, but this behavior is directly tied to the declared feature.
Install Mechanism
No install spec or remote downloads are provided; code files are bundled with the skill. No external archives or untrusted URLs are fetched or extracted by the skill.
Credentials
The skill requests no environment variables or credentials. It does read a config file in the user's home (~/.openclaw/gpu_monitor_config.json) and will read any log path provided by the user. This file access is proportional to the feature set, but the registry metadata could more accurately declare the dependency on nvidia-smi and the optional config/log path.
Persistence & Privilege
The skill does not request permanent/always-on privileges (always:false) and does not modify other skills or system-wide settings. A small surprising behavior: entry.py contains a helper that writes an entry.py file (self-overwrite/creation inside the skill directory). This is limited to the skill's directory and not evidence of privilege escalation, but users may want to be aware that the package can write files to its own installation folder.
Assessment
This skill appears to do exactly what it says: local GPU monitoring via nvidia-smi and optional Ollama server.log parsing. Before installing: 1) Ensure you have an NVIDIA GPU and nvidia-smi available (SKILL.md requires this, but registry metadata omitted it). 2) Be careful what log path you supply—pointing the tool at arbitrary system logs could expose sensitive information; the skill will read the specified log file. 3) The package includes Python files that run locally and will write an entry.py file into the skill directory; inspect the files if you don't trust the unknown source. 4) Because the skill has no network behavior, running it locally is lower risk—still run it in a user account with appropriate file permissions and review the code if you want higher assurance.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c08ef9kpx801ptvtw4c9kj983qtby

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments