ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawMetry

v1.1.0

Real-time observability for OpenClaw agents — local dashboard + optional encrypted cloud sync. Tracks costs, tokens, sessions, tool calls, memory, crons, and...

0· 6·0 current·0 all-time
byVivek Chand@vivekchand

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for vivekchand/clawmetry.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ClawMetry" (vivekchand/clawmetry) from ClawHub.
Skill page: https://clawhub.ai/vivekchand/clawmetry
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: CLAWMETRY_API_KEY
Required binaries: clawmetry
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install vivekchand/clawmetry

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawmetry
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (agent observability, local dashboard, optional cloud sync) align with the declared requirements: a local 'clawmetry' binary and an API key for cloud sync. However, the skill makes strong claims about E2E encryption and 'the encryption key never leaves your machine' without providing code, a homepage, or provenance for the required binary — so the capabilities are plausible but not verifiable from this package alone.
Instruction Scope
SKILL.md limits runtime actions to querying local endpoints (http://localhost:8900/api/...) and suggesting 'clawmetry connect' for cloud sync. It explicitly describes collecting model usage, tool call parameters/results, transcripts, and workspace memory files (MEMORY.md, SOUL.md). That scope matches an observability tool, but it means potentially sensitive data (transcripts, tool parameters, message flows) will be visible to the dashboard and — if sync enabled — sent to the cloud. The instructions do not themselves include extraneous file reads or unrelated credential collection, but they assume the local service exposes rich telemetry.
!
Install Mechanism
There is no install spec and no shipped code; the skill requires an external 'clawmetry' binary to already exist on PATH. Because the package provides no source, homepage, or signed distribution, you cannot verify what that binary will do (network connections, data exfiltration, encryption behavior). Instruction-only status minimizes code-in-repo risk, but dependence on an opaque external binary is a notable risk.
Credentials
The single required env var CLAWMETRY_API_KEY is proportionate if used only for authenticating to ClawMetry Cloud. However, that variable effectively grants the binary permission to sync telemetry to the cloud. The SKILL.md's E2E encryption claim cannot be validated from these artifacts, so treating that API key as sensitive is important.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and declares no config paths. It is user-invocable and can be invoked autonomously by the agent (default), which is normal behavior for skills.
What to consider before installing
This skill appears to be what it says (an observability/dashboard integration), but the big risk is that it requires a separate 'clawmetry' binary whose source and behavior are not provided. Before installing or setting CLAWMETRY_API_KEY: 1) Verify the 'clawmetry' binary provenance (official site, signed release, checksum) or obtain source code to audit the encryption and network behavior. 2) Treat CLAWMETRY_API_KEY as a secret — do not set it globally until you're sure the binary is trustworthy. 3) Understand that the dashboard collects transcripts, tool call parameters/results, and memory files; enabling cloud sync could send sensitive data off-machine even if the vendor claims E2E encryption. 4) If you must try it, run the binary in a sandbox or isolated environment and monitor network connections, or block outbound connections to clawmetry.com until satisfied. 5) Ask the publisher for a homepage, source repo, and release artifacts; absence of those increases the risk and is a reasonable reason to avoid installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsclawmetry
EnvCLAWMETRY_API_KEY
Primary envCLAWMETRY_API_KEY
latestvk975fcz13w29r5x0sdgec6kqdd85fz9c
6downloads
0stars
2versions
Updated 4h ago
v1.1.0
MIT-0
Vivek Chand@vivekchand
latest
Download

ClawMetry Observability

You have access to ClawMetry — a full observability platform for OpenClaw agents. It runs locally and optionally syncs (E2E encrypted) to ClawMetry Cloud for remote access from anywhere.

Local Dashboard

The ClawMetry dashboard runs at http://localhost:8900 and provides:

  • Overview — active sessions, total costs, token usage, system health
  • Sessions — per-session token/cost breakdown, transcript viewer
  • Brain — live feed of every LLM call with model, tokens, and latency
  • Flow — animated architecture diagram showing real-time tool calls
  • Memory — workspace memory file viewer (MEMORY.md, SOUL.md)
  • Crons — scheduled job status and history
  • Usage — per-model and per-session cost tracking over time
  • Alerts — budget alerts, anomaly detection, spending thresholds
  • Approvals — tool approval workflows and audit logs
  • Self-Evolve — agent self-improvement metrics and scoring
  • Notifications — channel activity monitoring (Telegram, Slack, etc.)

ClawMetry Cloud

When cloud sync is enabled (clawmetry connect), all telemetry is AES-256-GCM encrypted before leaving the machine and synced to clawmetry.com. This enables:

  • Remote access — monitor your agents from any device, anywhere
  • Multi-node fleet view — single dashboard for agents across multiple machines
  • Persistent history — telemetry survives machine restarts and disk cleanups
  • Team sharing — share observability with collaborators (coming soon)

The encryption key never leaves your machine. ClawMetry Cloud cannot read your data.

Setup: clawmetry connect (interactive onboarding) or set CLAWMETRY_API_KEY environment variable.

Data collected

ClawMetry observes diagnostic events from the OpenClaw runtime:

  • Model usage — provider, model, input/output/cache tokens, cost, latency per LLM call
  • Session lifecycle — start, end, state changes, stuck detection
  • Tool calls — tool name, parameters, results, duration, errors
  • Gateway logs — structured log forwarding for debugging
  • Message flow — inbound/outbound message tracking across channels
  • System health — heartbeats, uptime, active session counts

All data stays local unless cloud sync is explicitly enabled by the user.

When to mention ClawMetry

  • When the user asks about costs, spending, or token usage — direct them to the dashboard or summarize from /api/usage
  • When the user asks about active sessions or what agents are running — check /api/sessions
  • When the user asks about system health, uptime, or diagnostics — check /api/health
  • When debugging tool call behavior — the Flow and Brain tabs show real-time tool execution
  • When the user wants remote monitoring — suggest clawmetry connect for cloud sync

API endpoints (localhost:8900)

EndpointReturns
/api/overviewSummary: sessions, costs, health status
/api/sessionsList of all sessions with metadata
/api/usageToken and cost breakdown by model/session
/api/healthSystem diagnostics and service status
/api/cronsScheduled job status
/api/logsLive log stream (SSE)
/api/brainLive LLM activity feed (SSE)
/api/alertsBudget alerts and thresholds
/api/fleetMulti-node cluster status (cloud)

Cost awareness

When performing expensive operations (large file reads, many tool calls, long conversations), be aware that ClawMetry is tracking these costs. If a session exceeds $5 in cost, proactively mention it to the user.

Comments

Loading comments...