Scan Report
5 /100
clawdoctor
Self-healing doctor for OpenClaw. Monitors gateway, crons, sessions, auth, and costs. Sends Telegram alerts. Auto-restarts gateway when it goes down.
Documentation-only skill describing a legitimate OpenClaw monitoring tool with clear, reasonable declared permissions.
Safe to install
No action required. SKILL.md accurately documents the tool's purpose and declared permissions.
Findings: 1 item
| Severity | Finding | Location |
|---|---|---|
| Info | Documentation-only skill (Doc Mismatch) | SKILL.md:1 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md: Monitors session files, reads OpenClaw log/state files (read-only) |
| Network | READ | READ | ✓ Aligned | SKILL.md: Sends alerts via Telegram Bot API (outbound HTTPS only) |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md: Only action: 'openclaw gateway restart' when gateway is down |
| Environment | NONE | NONE | — | SKILL.md: Explicitly states no API keys leave the machine |
| credential_access | NONE | NONE | — | SKILL.md: No credential harvesting declared or implied |
3 findings

| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://buy.stripe.com/7sY14g2fsex33F08U51ck01 | SKILL.md:108 |
| Medium | External URL | https://buy.stripe.com/eVq28k2fsdsZ7Vg6LX1ck02 | SKILL.md:110 |
| Medium | External URL | https://clawdoctor.dev | SKILL.md:122 |

File Tree
1 file · 3.6 KB · 122 lines (Markdown: 1 file, 122 lines)
└─ SKILL.md (Markdown)
Security Positives
✓ Explicit security claims: 'No API keys or conversation content leaves the machine'
✓ Network access limited to Telegram Bot API (HTTPS only)
✓ File access declared as read-only
✓ Single explicit shell command declared: 'openclaw gateway restart'
✓ Clear documentation of what data is monitored and why
✓ Rate-limiting on alerts to prevent spam/abuse
✓ Config and events stored locally in SQLite with 7-day retention