v1.0.0

Agent Status Monitor

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:13 AM.

Analysis

The core monitor is mostly read-only, but the included Telegram command can expose local agent status from broad chat scopes without clear access controls.

Guidance: The local status checks appear read-only and purpose-aligned, but enable the Telegram pieces only if you restrict them to trusted/private chats. Review any OpenClaw config changes before running install.js, and avoid running prompt-history reference commands unless you intend to reveal that content.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
telegram-commands/index.js
const result = execSync(SCRIPT_PATH, {
            encoding: 'utf-8',
            timeout: 30000,
            env: { ...process.env, FORCE_COLOR: '0' }

The Telegram handler executes a local shell script. The command path is fixed and no user-controlled arguments are passed, so this is purpose-aligned but still important for users to notice.

User impact: Invoking the command runs local shell-based status checks on the user's machine.
Recommendation: Keep the command fixed, avoid adding user-controlled shell arguments, and only enable the Telegram command in trusted contexts.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
telegram-commands/install.js
config.commands.aliases['agents_monitor'] = {
        type: 'exec',
        command: '~/.openclaw/workspace/skills/agent-status-monitor/scripts/check-agents.sh',
        description: '检查本地开发 Agent 运行状态',
        streaming: false
    };

If run, the installer persistently adds an exec alias to the user's OpenClaw configuration.

User impact: The /agents_monitor command can remain available after restarts until the user removes the config entry.
Recommendation: Back up ~/.openclaw/openclaw.json, check for existing aliases before installing, and remove the alias if Telegram command access is not wanted.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
telegram-commands/agents_monitor.plugin.json
"command": "agents_monitor",
        "description": "检查本地开发 Agent(Claude Code、OpenCode 等)的运行状态",
        "scope": "all"

The Telegram command is configured for all scopes, but the artifacts do not show an enforced private-chat or authorized-user boundary for returning local agent status.

User impact: People in broad bot contexts, such as groups where the bot is present, could receive local agent status, session counts, and tool details.
Recommendation: Limit the command to private or authorized chats, add explicit access checks, and document the remote Telegram exposure in the main skill description.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
references/agent-commands.md
cat ~/.local/state/opencode/prompt-history.jsonl

A reference command would display OpenCode prompt history, which may contain private conversation or task context. The included status scripts do not run this command.

User impact: Running that reference command could reveal prompt contents rather than just status metadata.
Recommendation: Treat reference commands as manual diagnostics only and do not view prompt-history files unless the user explicitly asks for that content.