Low Risk — Risk Score 25/100
Last scan: 1 day ago
ClawDoctor
OpenClaw Health Monitor & Fixer — real-time monitoring, one-click repair, security scanning, and web dashboard for OpenClaw
ClawDoctor is a legitimate OpenClaw health monitoring tool with undocumented system-level capabilities (process termination, shell commands, config modification) that create capability mismatches, but no confirmed malicious behavior was found.
Skill Name: ClawDoctor
Duration: 60.4s
Engine: pi
Safe to install
Add SKILL.md declarations for shell:WRITE and filesystem:WRITE capabilities, unpin psutil in install.sh, and remove commented cloud exfiltration code. The tool should declare its process-killing and config-modification behaviors explicitly.

Findings 4 items

Severity Finding Location
Medium
SKILL.md omits all shell execution and process manipulation Doc Mismatch
SKILL.md only describes 'real-time monitoring' and 'one-click repair' without disclosing that the tool executes shell commands (pkill, launchctl, openclaw, tail, grep), terminates processes, and modifies configuration files in ~/.openclaw/
SKILL.md: no mention of subprocess, process kill, config write, shell commands
→ Add capability declarations: shell:WRITE (for process management), filesystem:WRITE (for config and log manipulation)
SKILL.md:1
Low
install.sh runs pip install without version pinning Supply Chain
The install script runs 'pip3 install psutil --user' without specifying a version or version range, allowing any psutil release to be installed.
pip3 install psutil --user
→ Pin the dependency: pip3 install psutil==5.9.0 --user
install.sh:13
Low
Undeclared config file read/write Sensitive Access
clawdoctor_simple.py reads and modifies ~/.openclaw/openclaw.json (backup, JSON validation, config patching) without declaring filesystem:WRITE access in SKILL.md.
json.dump(config, f, indent=2, ensure_ascii=False)
→ Declare filesystem:WRITE in SKILL.md since the tool intentionally modifies OpenClaw configuration files
clawdoctor_simple.py:137
Low
Commented-out cloud exfiltration infrastructure Data Exfil
agent.py defines CONFIG with api_endpoint='https://api.clawdoctor.io/v1/heartbeat' and api_key, with a commented-out requests.post that would POST full system reports to an external cloud service. Not currently active but indicates exfiltration intent.
# response = requests.post(CONFIG['api_endpoint'], json=report, headers={'Authorization': f"Bearer {CONFIG['api_key']}"})
→ Either remove the commented code entirely or clearly document cloud reporting as an opt-in feature with explicit user consent
agent.py:17
Resource Declared Inferred Status Evidence
Shell NONE WRITE ✗ Violation install.sh:13 pip3 install; agent_v2.py:64 pkill -f; agent_v2.py:66 launchctl; c…
Filesystem NONE WRITE ✗ Violation clawdoctor_simple.py:137 json.dump modifies ~/.openclaw/openclaw.json; clawdocto…
Network NONE READ ✗ Violation clawdoctor.py:77 curl http://127.0.0.1:18789/; agent.py:17 api.clawdoctor.io end…
Environment NONE NONE No environment variable harvesting found
1 High 15 findings
High IP Address: hardcoded IP address
8.8.8.8
clawdoctor.py:305
Medium External URL
https://img.shields.io/badge/OpenClaw-Health%20Monitor-blue?style=for-the-badge
README.md:4
Medium External URL
https://img.shields.io/badge/Python-3.10%2B-green?style=for-the-badge&logo=python&logoColor=white
README.md:5
Medium External URL
https://img.shields.io/badge/License-MIT-yellow?style=for-the-badge
README.md:6
Medium External URL
http://127.0.0.1:8080/dashboard.html
README.md:22
Medium External URL
https://api.clawdoctor.io/v1/heartbeat
agent.py:17
Medium External URL
http://127.0.0.1:18789/
agent.py:34
Medium External URL
https://cdn.tailwindcss.com
dashboard.html:7
Medium External URL
http://127.0.0.1:52691
dashboard.html:199
Medium External URL
http://127.0.0.1:64144
dashboard_simple.html:183
Medium External URL
https://checkout.paddle.com/checkout/product/pri_01kkm07e93d54fat920xe9b5rs
payment.html:48
Medium External URL
https://checkout.paddle.com/checkout/product/pri_01kkm09nvwj9ex7nssjf27kbch
payment.html:70
Medium External URL
https://checkout.paddle.com/checkout/product/pri_01kkm0bk13cv93jam6nq3tvj88
payment.html:91
Medium External URL
http://127.0.0.1:
server.py:117
Info Email: email address
[email protected]
README.md:122

File Tree

16 files · 116.2 KB · 3061 lines
Python 7f · 1563L HTML 3f · 1084L Markdown 4f · 343L JSON 1f · 38L Shell 1f · 33L
├─ 🐍 agent_simple.py Python 84L · 2.5 KB
├─ 🐍 agent_v2.py Python 175L · 6.0 KB
├─ 🐍 agent.py Python 224L · 7.5 KB
├─ 🐍 clawdoctor_simple.py Python 353L · 11.3 KB
├─ 🐍 clawdoctor.py Python 465L · 15.2 KB
├─ 📄 dashboard_simple.html HTML 429L · 21.7 KB
├─ 📄 dashboard.html HTML 526L · 27.4 KB
├─ 🔧 install.sh Shell 33L · 991 B
├─ 📋 package.json JSON 38L · 935 B
├─ 📄 payment.html HTML 129L · 7.4 KB
├─ 📝 README_NEW.md Markdown 135L · 3.3 KB
├─ 📝 README.md Markdown 135L · 3.3 KB
├─ 📝 screenshot-placeholder.md Markdown 6L · 149 B
├─ 🐍 server_simple.py Python 114L · 3.3 KB
├─ 🐍 server.py Python 148L · 4.2 KB
└─ 📝 SKILL.md Markdown 67L · 1.0 KB

Dependencies 1 item

Package Version Source Known Vulns Notes
psutil unpinned pip No pip3 install without version constraint in install.sh:13; package.json specifies ^5.9.0 but install.sh ignores it

Security Positives

✓ No base64, eval, or obfuscated code found across all files
✓ No credential harvesting loops (no iteration through os.environ for secrets)
✓ No curl|bash or wget|sh remote script execution
✓ No reverse shell, C2 communication, or confirmed data exfiltration
✓ No hidden instructions in HTML comments
✓ No access to ~/.ssh, ~/.aws, .env, or other credential paths
✓ Process termination is scoped to openclaw-gateway processes only
✓ Cloud reporting code is commented out (not active)
✓ Local-only logging saves to ~/.clawdoctor/ with no external transmission