Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Diagnostics

v1.0.7

OpenClaw system diagnostics and performance analysis tool. Analyzes agent reasoning latency, token usage, tool-call statistics, run timelines, and Gateway restart history. Supports several modes: batch analysis (default), live follow (-f), summary statistics (-s), and advanced diagnostics (--advanced). Supports filtering by multiple agents. Use case: when the user asks about OpenCla...

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability
Name/description match a local diagnostics tool and the included script implements that. However registry metadata claims no required config paths or credentials while the script explicitly reads session files (~/.openclaw, /root/.openclaw, /etc paths) and can modify openclaw.json and restart the Gateway — those resource requirements should have been declared.
[!] Instruction Scope
SKILL.md instructs the agent to execute the bundled script and to send the script stdout 'raw' via message(action="send"). The script reads session logs (which can contain full user/tool messages and possibly secrets), system config files, and may write/restore openclaw.json and restart the gateway. It also uses interactive prompts (/dev/tty) which may block in non-interactive agent runs. Sending raw logs back to chat without model filtering can leak sensitive data.
Install Mechanism
No install spec (instruction-only with a script). Low installation risk because nothing is downloaded or extracted; code is bundled in the skill. Still review the bundled script before use.
[!] Credentials
The skill declares no required env vars or config paths, yet the script accesses multiple system paths (~/.openclaw, /root/.openclaw, /etc/openclaw/openclaw.json, /tmp logs) and requires python3 and an 'openclaw' CLI. The lack of declared file/config access is an inconsistency and reduces transparency about what secrets/data the skill may access.
[!] Persistence & Privilege
always:false (good), but the script can modify system config and restart the OpenClaw Gateway (privileged actions). Advanced mode requires interactive confirmation, but the agent could still be scripted to invoke those actions. Combined with autonomous invocation capability, this raises operational risk if the agent runs the skill without a human in the loop.
What to consider before installing
This skill appears to implement a legitimate diagnostics tool, but review before enabling: (1) inspect scripts/openclaw-diag.sh yourself — it reads ~/.openclaw and /tmp logs and can modify openclaw.json and restart the Gateway; (2) be aware the skill will send raw script output back to the user (may contain PII or secrets); (3) the manifest did not declare the config paths or binary dependencies (python3, openclaw CLI) — that's an inconsistency; (4) advanced mode performs privileged actions and uses interactive prompts (/dev/tty) which may hang in non-interactive agent runs; (5) if you install, consider restricting autonomous invocation, require explicit human confirmation before running advanced options, run initially on a non-production/staging host, and only enable summary (-s) mode until you trust the code and behavior.
