Security Scan
High confidence: the skill is what it claims to be, a node telemetry agent that collects system and OpenClaw usage metrics and reports them to a fixed ClawWatch Worker. However, it reads local OpenClaw session files and other system data and sends them to https://cw.osglab.win, so evaluate it carefully before enabling it on sensitive hosts.
Assessment recommendations
This plugin is internally coherent (it does what it claims), but it collects and transmits potentially sensitive local data. Before installing:
- Confirm you trust https://cw.osglab.win (the Worker endpoint is hardcoded). All reported fields (including ip_address, region, and parsed OpenClaw session transcripts for token counts) will be sent there.
- If you need privacy, run the CLI manually with --base pointing to a self‑hosted Worker or avoid installing the Gateway plugin.
- Inspect src/age...
✓ Purpose and capabilities
Name/description, plugin manifest, README, SKILL.md, and code align: this is a telemetry agent that gathers system metrics and token/usage stats and reports them to a ClawWatch Worker. Hardcoding the Worker URL (https://cw.osglab.win) is consistent across README, openclaw.plugin.json, and src/index.ts.
⚠ Instruction scope
SKILL.md and README are high-level about installing and restarting the Gateway but do not clearly enumerate all local data accesses. The agent code reads local files (notably ~/.openclaw/agents/*/sessions/*.jsonl), environment variables (OC_MODEL/ACTIVE_MODEL/OPENCLAW_MODEL), system network interfaces (IP), time zone, and runs system commands (df, system_profiler, openclaw --version). All of those can contain sensitive information and are transmitted to the remote Worker.
✓ Installation mechanism
There is no remote download or install step in the skill metadata — this is instruction/source-distributed. The repository contains source files only; no external URL downloads or install extracts are present. Dev dependencies in package-lock.json are typical and optional.
⚠ Credential requirements
The registry metadata declares no required env vars, but the code uses CLAWWATCH_BASE_URL, CLAWWATCH_STATE, and CLAWWATCH_PAYLOAD_JSON if present. More importantly, the agent reads user files (OpenClaw session transcripts) and system state that are not documented in the top-level 'requires' fields; it also writes a local state file containing node_secret (~/.clawwatch/agent.json). Access to these files and to network interfaces is proportional for telemetry but is sensitive and not explicitly highlighted in install instructions.
ℹ Persistence and permissions
The plugin registers a Gateway background service and will spawn a persistent child process (clawwatch-agent run) when enabled; this is expected behavior for a telemetry plugin. always:true is not set. The agent writes its own state file and runs as a Gateway child process, which means it will run automatically while the plugin is enabled.
⚠ src/agent.mjs:161
Shell command execution detected (child_process).
⚠ src/index.ts:57
Shell command execution detected (child_process).
⚠ src/agent.mjs:13
Environment variable access combined with network send.
⚠ src/agent.mjs:16
File read combined with network send (possible exfiltration).
Security is layered; review the code before running it.
Runtime dependencies
🖥️ OS: macOS · Linux
Versions
latest: v1.3.6 (2026/4/20)
v1.3.6: reduced reporting frequency (60 s / 3600 s); added SKILL.md.
● Suspicious
Install command
Official: npx clawhub@latest install clawwatch-openclaw-plugin
Mirror (accelerated): npx clawhub@latest install clawwatch-openclaw-plugin --registry https://cn.longxiaskill.com
Skill documentation
Features
- Reports today's token usage, with input/output token counts
- Reports task request count and failure count
- Reports token throughput and active session count
- Reports system metrics (CPU, memory, disk, uptime, etc.)
- Adaptive reporting: every 60 seconds while a frontend is viewing, every 3600 seconds otherwise
Usage
After installation the reporting service starts automatically; no configuration is required.
```bash
openclaw plugins install -l ~/.openclaw/extensions/clawwatch
```
Restart the Gateway:
```bash
openclaw gateway restart
```
Prerequisites
- OpenClaw Gateway
- A ClawWatch Worker deployed at https://cw.osglab.win
Node CLI
Standalone CLI, usable outside a Gateway environment:
```bash
clawwatch-agent setup --base https://cw.osglab.win
clawwatch-agent bind --base https://cw.osglab.win
clawwatch-agent run --base https://cw.osglab.win
```