skills-monitor

AI Skills 一站式监控评估平台 — 7因子评估引擎、跨模型基准评测、中心化 Dashboard、智能推荐

What to check before installing or running this skill: - Metadata mismatch: The registry lists no required env vars, but the code expects WECOM_* variables (enterprise WeCom credentials), NGROK token, and uses keyring. Do not assume 'no credentials required' — inspect and set these intentionally. - Review external endpoints: The code can push reports via a hard-coded WEBHOOK_URL and supports uploading data to arbitrary servers (upload --server). Verify the webhook target is one you control and understand where 'upload' will send data. Consider running in offline/mock mode first. - Inspect deploy scripts: deploy/setup_ssh_key.sh and deploy/pack_and_upload.sh exist and can create SSH keys / push artifacts. Do not run those scripts unless you trust the destination and have reviewed their contents. - Data collection scope: This tool is designed to run other Skills and collect inputs/outputs and metrics. If you install it, it will have access to whatever skills it runs and their I/O. Limit its permissions, run in a sandbox, or restrict the skills directory if you are concerned about sensitive data being captured. - WeCom configuration: ALLOWED_USERS defaults to allow-all (empty list means no restriction). If you enable the WeCom callbacks/server, set ALLOWED_USERS properly and validate CALLBACK tokens. Also replace or confirm any hard-coded webhook keys. - Network exposure: Running 'server' or the web dashboard exposes endpoints (PWA, callbacks). Avoid binding to public interfaces or use firewall / localhost-only binding until configured securely. - Review adapters/uploader: Audit adapters (clawhub_client, DataUploader, skill_registry, runners) to see what external services are called and what data they transmit. If you plan to use 'live' benchmarking (real API calls) check how API keys are handled. - Source verification: The skill.json references a GitHub repo. If you need higher confidence, fetch and compare the upstream repository, confirm author identity, and check for recent commits/issues. Summary recommendation: treat this package as a powerful tool that legitimately needs broader permissions, but the manifest underreports them and the distributed files include scripts that can change system state or transmit data. If you decide to install, run it first in an isolated environment (VM/container) and audit/replace webhook keys and deploy scripts before enabling networked features.

Type: OpenClaw Skill Name: skills-monitor Version: 1.0.0 The skill bundle implements a comprehensive monitoring and evaluation platform that exhibits several high-risk behaviors. Key indicators include the automated setup of persistence via macOS LaunchAgents (skills_monitor/core/auto_reporter.py), scripts that modify SSH authorized_keys (deploy/setup_ssh_key.sh), and a function interceptor (skills_monitor/core/interceptor.py) designed to capture metrics from other skills. While the bundle includes a DataSanitizer and a user consent flow for data collection, it actively uploads system metrics and diagnostic reports to a remote server (uploader.py). Additionally, a hardcoded Enterprise WeChat webhook URL (qyapi.weixin.qq.com/cgi-bin/webhook/send?key=5881dfcd...) is present in wecom_bot/config.py, which is a notable indicator of compromise (IOC) if the bundle is used in a multi-tenant or sensitive environment.