Auto Monitor - System Monitoring
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: auto-monitor
Version: 1.0.0
The `SKILL.md` file, which provides instructions to the AI agent, contains a highly risky directive: '可以自动修复的立刻处理' (Immediately handles issues that can be automatically fixed). This instruction grants the agent broad, proactive execution capabilities to modify the system without explicit, per-action user consent. While the stated purpose is benign (system maintenance), this design introduces a significant vulnerability, as it could lead to unintended system changes, data loss, or be exploited for arbitrary command execution if the 'auto-fix' logic is flawed or compromised. This is a critical RCE risk inherent in the skill's design, classifying it as suspicious rather than malicious due to the lack of explicit intent for harm in the provided files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may continue monitoring and interrupting the user beyond a single requested task.
The skill explicitly instructs recurring autonomous checks and proactive messages, but does not define a start/stop boundary, maximum duration, or user-controlled scheduling.
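1. 定期检查(每 N 分钟) ... 不等用户问"服务器怎么样" ... 发现问题主动说 (1. Periodic checks (every N minutes) ... do not wait for the user to ask "How is the server?" ... report problems proactively when found)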
Require explicit user opt-in for monitoring sessions, including interval, duration, scope, notification rules, and a clear stop command.
If the agent has system tools, it could make unintended changes such as restarting services, killing processes, or changing configuration without confirmation.
The skill tells the agent to immediately handle anything it can automatically repair, but it does not specify allowed actions, approval requirements, reversibility, or safety limits.
可以自动修复的立刻处理 (Immediately handle anything that can be fixed automatically)
Keep the skill read-only by default and require user approval before any remediation or system-changing action.
