← Back to Skills Marketplace
304
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install wander-monitor
Description
Guides use of Wander to monitor GitHub Actions without polling. Use when the user pushes code and wants CI notifications, asks how to watch workflows, avoid...
Usage Guidance
Before installing or enabling this skill, consider: 1) It instructs the agent to auto-run background shell scripts after each git push — review whether you want an agent to execute local scripts automatically. 2) The skill expects access to your gh CLI authentication and local files (repo tree, ~/.config/gh), but the metadata declares no credentials — verify what tokens/credentials gh exposes and limit scope. 3) The recommended install clones a third‑party GitHub repo and runs its scripts; audit the wander repo (watch-*.sh, smart-push.sh) for any network calls, data uploads, or commands that could exfiltrate secrets before running them. 4) If you want the functionality but not autonomous execution, run the scripts manually or require explicit confirmation before the agent starts background watchers. 5) If possible, ask the skill author for explicit declarations of required credentials and a signed/reputable source for the Wander tool; absence of declared env vars and the 'auto-trigger' instruction are the primary red flags here.
Capability Analysis
Type: OpenClaw Skill
Name: wander-monitor
Version: 1.0.3
The skill mandates an 'auto-trigger' behavior in SKILL.md, instructing the agent to automatically execute background scripts from an external repository (https://github.com/ERerGB/wander.git) after every 'git push'. It also directs the agent to modify user shell configuration files (~/.zshrc, ~/.bashrc) for persistence and environment setup. While these actions are consistent with the stated purpose of CI monitoring, the requirement for autonomous execution of external code and modification of system profiles poses a high risk of abuse.
Capability Assessment
Purpose & Capability
The name/description (monitor GitHub Actions) match the instructions to run watch-workflow scripts and use gh; that is coherent. However the SKILL.md mandates autonomous behavior after every git push (start background watchers) which is stronger than the registry metadata (no 'always' and no declared credentials) and effectively asks the agent to take persistent action tied to repo events.
Instruction Scope
The SKILL.md tells the agent to start background scripts after every git push, read repository files (.workflows.yml, .github/workflows/*), run scripts from a local clone (watch-workflow-bg.sh, smart-push.sh), check terminal output and report. That grants the agent ability to execute arbitrary shell scripts from a third‑party repo and monitor local state — more scope than a simple notification helper and potentially dangerous if the scripts are malicious or unexpected.
Install Mechanism
No automated install spec (instruction-only), which is low-risk by itself. The docs recommend cloning a GitHub repo (https://github.com/ERerGB/wander) and running its shell scripts; this is a manual network fetch of third‑party code and should be reviewed before execution.
Credentials
SKILL.md requires the gh CLI to be installed and authenticated (implicitly requiring access to GitHub auth tokens/config), and references WANDER_HOME and PATH changes — yet the skill metadata declares no required env vars or primary credential. Implicit access to the user's GitHub auth and shell environment is necessary for functionality but is not declared, which is an inconsistency and a potential privacy/security risk.
Persistence & Privilege
Although registry flags show always:false, the instructions explicitly demand the agent auto-trigger after every git push and to start background/detached processes and write logs under ~/.wander_logs. That attempts to establish persistent behavior and local process execution tied to repository events; combined with executing third‑party scripts, this elevates risk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install wander-monitor - After installation, invoke the skill by name or use
/wander-monitor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
CD: eba8a91ba7bd65cc6b6a81c6119bcdbc66b0b14c
v1.0.2
CD: 7db960a7616e4e37c5caaad175b55f4f50e10287
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Wander Monitor?
Guides use of Wander to monitor GitHub Actions without polling. Use when the user pushes code and wants CI notifications, asks how to watch workflows, avoid... It is an AI Agent Skill for Claude Code / OpenClaw, with 304 downloads so far.
How do I install Wander Monitor?
Run "/install wander-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Wander Monitor free?
Yes, Wander Monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Wander Monitor support?
Wander Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Wander Monitor?
It is built and maintained by ERerGB (@erergb); the current version is v1.0.3.
More Skills