Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Syscheck
v1.0.5System health checker and diagnostics tool. Quick overview of CPU usage, memory, disk space, uptime, load average, and running processes. Monitor system reso...
⭐ 0· 232·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description claim a system-health tool (CPU, memory, disk, processes). The included script implements many command handlers (scan, monitor, report, export, status, search, recent) and maintains a data directory under $HOME. The visible portion of the script focuses on logging and exporting entries; the metric-gathering pieces (e.g., running top/df/free) were not visible in the truncated content — so the overall purpose is plausible but you should verify the rest of the script actually collects the promised system metrics.
Instruction Scope
SKILL.md instructs use of the syscheck CLI and examples are scoped to system checks. The script itself reads and writes only to its own data directory (~/.local/share/syscheck) and uses common command-line tools (grep/tail/du/wc/cat). It does persist user-provided inputs (commands like scan/report/alert/...) into log files; that means sensitive strings passed to the tool will be stored in plain files under the user's home directory. No instructions or code in the provided portion attempt to read unrelated system credentials or network endpoints.
Install Mechanism
No install spec or remote download is present; the skill is instruction/code-only. There are no external URLs or archive extracts. This is a low install-risk footprint — files included are the script and SKILL.md.
Credentials
The skill declares no required environment variables or credentials. The script uses HOME implicitly to create a per-user data directory, which is proportionate for a local CLI tool. No secrets, API keys, or external service auth are requested.
Persistence & Privilege
The script creates and writes to ~/.local/share/syscheck and maintains history/log files there — this is expected for a monitoring tool but does introduce on-disk persistence of recorded inputs and events. The skill does not request global or system-wide privileges, and 'always' is false.
Assessment
This skill is internally consistent with a local sysadmin CLI: it stores state and logs under ~/.local/share/syscheck and does not request external credentials or perform downloads in the provided files. Before installing or running it: (1) review the remainder of scripts/script.sh to confirm there are no network calls, shell execs that read sensitive system files (e.g., /etc/*, ssh keys, cloud credentials), or commands that escalate privileges; (2) be aware that any text you pass to commands like report/scan/alert will be written in cleartext to log files in your home directory — avoid sending secrets; (3) run it in a sandbox or test account initially if you want to observe behavior; (4) if you need automatic/periodic runs, ensure log rotation/cleanup is configured so logs don't accumulate. If you can provide the rest of the script or confirm there are no network operations in the truncated portion, confidence in this assessment would increase.Like a lobster shell, security has layers — review code before you run it.
latestvk977jg91cwr3v4p5x5nysmxvjx831mt7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.