📦 Test — 状态监控

v0.0.1

部署轻量级状态 API，一键暴露 OpenClaw 机器人运行健康、服务连通、定时任务、技能与系统指标，零依赖，仅 Node.js。

0· 1.5k·0 当前·0 累计

by @suspect80

API工具系统工具开发工具

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

NULL

评估建议

Do not run code you don't have or can't inspect. Before installing: 1) Obtain the referenced files (server.js, collectors/, package.json, config.example.json) from a trusted source and review their contents (search for network exfiltration, unexpected exec/spawn usage, or reading unrelated system files). 2) Confirm what credentials are actually needed for Portainer, email, or other services and only provide minimal, scoped tokens. 3) Restrict the service's filesystem access (run as a dedicated u...

详细分析 ▾

ℹ 用途与能力

The stated purpose (a lightweight status API for an OpenClaw bot) is coherent with the capabilities described (health checks, system metrics, skills list). However the skill claims 'zero dependencies — Node.js only' and yet the package contains no server.js, collectors/, or config.example.json that the SKILL.md instructs you to copy, which is an inconsistency: required runtime files are missing from the bundle and the source/homepage is unknown.

⚠ 指令范围

Runtime instructions explicitly tell operators to read OpenClaw workspace files (heartbeat-state.json, cron/jobs.json), scan /proc for system metrics, grep processes to detect dev servers, and run shell commands for 'command' checks. Those actions access local system and agent internals and can expose sensitive data. The SKILL.md also references email unread counts (requiring mail clients/credentials) and Portainer (requiring API tokens) but does not limit or explain how credentials are handled.

ℹ 安装机制

This is instruction-only (no install spec), which is lower install risk. However the absence of any shipped code is notable: the instructions assume you will copy server.js, collectors/, and package.json from somewhere else. That missing provenance is a risk — you must obtain these files from a trusted source and review them before running.

⚠ 凭证需求

No environment variables or credentials are declared, yet the instructions imply needing access tokens/credentials for email providers and Portainer, file system paths for OpenClaw workspace, and permission to run arbitrary shell commands. The skill's declared requirements understate the sensitive access it will need to function.

⚠ 持久化与权限

The SKILL.md instructs installing a systemd user service and enabling linger (loginctl enable-linger) which grants the process persistence beyond user sessions. The skill bundle does not set always or disableModelInvocation, so although not explicitly persistent in the registry metadata, the instructions push for long-running privileged behavior. Running as a persistent service increases risk if the code is unreviewed or misconfigured.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv0.0.12026/2/5

NULL

● 可疑

安装命令

点击复制

官方npx clawhub@latest install bot-status-api-test

镜像加速npx clawhub@latest install bot-status-api-test --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库