ClawHub
Back to skill
v1.0.0

OpenClaw Elite Watcher

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:18 AM.

Analysis

The skill advertises real-time OpenClaw monitoring, but the included code only writes a hard-coded, unsupported report to a specific local workspace path.

GuidanceReview this skill carefully before installing. It appears to generate a local report with unsupported claims rather than actually monitoring OpenClaw sources, and it writes to a fixed developer-specific path instead of a disclosed user-selected location.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
SeverityMediumConfidenceHighStatusConcern
watcher.py
f.write("- **[系統]**:成功切換至 Intel Agent 模式,全面追蹤核心開發者動態。\n")

The code generates a report asserting successful core-developer tracking, while the artifacts show no actual repository, profile, or X monitoring logic despite the SKILL.md advertising real-time monitoring.

User impactA user or agent could trust fabricated or unsupported intelligence summaries when making decisions about OpenClaw development.
RecommendationRequire the skill to fetch and cite real data sources, clearly label any placeholder content, and avoid claims of monitoring unless the code actually performs it.
Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
watcher.py
REPORT_PATH = "/Users/asdc163/.openclaw/workspace/intel_reports"

The script creates and writes reports to a hard-coded, user-specific absolute path that is not disclosed in the skill metadata or SKILL.md usage instructions.

User impactRunning the skill may create or overwrite files in an unexpected local workspace path instead of a user-approved report location.
RecommendationUse a configurable path inside the invoking user's approved workspace, disclose the write location, and avoid hard-coded developer home directories.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceMediumStatusNote
watcher.py
import requests

The included Python file imports a third-party package, but the package has no install spec or dependency declaration; this is a packaging/provenance gap rather than direct evidence of malicious behavior.

User impactThe skill may not run reproducibly, and users cannot easily tell what runtime dependencies are expected.
RecommendationDeclare required runtime dependencies and how the included Python file is invoked, or remove unused dependencies.