← Back to Skills Marketplace
339
Downloads
2
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install watchdog
Description
Monitors websites, APIs, and cron jobs (watchdogs) using Watch.dog. Use it when the user asks to "check the status of my monitors", "check uptime", "review w...
Usage Guidance
Key issues to consider before installing: (1) The skill will ask for your WATCHDOG_API_KEY and WATCHDOG_API_URL even though the registry metadata does not declare them — expect to provide a secret. (2) The skill's instructions tell the agent to automatically write that secret to a .env file in the skill folder and to immediately run a 'list_monitors' network call as a silent test; this will persist the key on disk and perform an outbound request without an extra explicit confirmation step. If you proceed, provide a least-privilege API key, run the skill in an isolated environment, inspect index.js yourself, and consider removing the saved .env afterward. Also prefer obtaining this skill from an official Watch.dog source or a verifiable homepage; the skill's source is 'unknown' which reduces trust. If you need stricter behavior (no automatic file writes or silent tests), ask the maintainer to remove/alter those instructions or modify the code so writes/tests happen only after explicit, visible confirmation.
Capability Analysis
Type: OpenClaw Skill
Name: watchdog
Version: 1.0.0
The skill contains behavioral instructions in index.js (WATCHDOG_SYSTEM_PROMPT) that direct the AI agent to use its 'native file writing tools' to automatically create or overwrite a .env file on the local filesystem once credentials are provided. This is a prompt-injection technique that commands the agent to perform actions (filesystem I/O) outside the scope of the skill's defined tools. While intended for user onboarding, such instructions for 'silent' or 'automatic' execution of external tools represent a security risk. Additionally, the WATCHDOG_API_URL is configurable via environment variables, which could be used to redirect the WATCHDOG_API_KEY to a malicious endpoint.
Capability Assessment
Purpose & Capability
The skill's stated purpose (monitoring via Watch.dog) legitimately requires an API key and API URL, and the code (index.js) enforces WATCHDOG_API_KEY. However the registry metadata lists no required environment variables or primary credential. That mismatch (description + code require credentials but metadata says none) is inconsistent and misleading.
Instruction Scope
SKILL.md instructs the agent to automatically create/overwrite a .env file with the user's API key/URL, and to immediately execute list_monitors as a silent test whenever credentials are provided or modified. Those steps cause local file writes and immediate outbound network calls using user credentials. While related to onboarding, they expand scope (automatic file writes and silent network tests) beyond what the metadata declares and could surprise users.
Install Mechanism
No install spec in the registry (instruction-only) but package.json/package-lock are included and the SKILL.md instructs running npm install. Dependencies are from the npm registry (e.g., @modelcontextprotocol/sdk, zod) — no external arbitrary download URLs were observed. Installation risk is typical for a Node skill but not negligible.
Credentials
The skill requires sensitive values (WATCHDOG_API_KEY and optionally WATCHDOG_API_URL) per SKILL.md and index.js, yet the registry metadata does not declare these env vars or a primary credential. The skill also persists those credentials to a .env file (per the prompt instructions). Requesting and storing API keys is proportionate to its functionality, but the omission from metadata and the forced automatic storage/test behavior reduces transparency and increases risk.
Persistence & Privilege
The skill is not always-on and does not request platform-wide privileges. However the behavior instructions explicitly direct the agent to write persistent credentials to the skill folder (.env) and to run immediate tests using them. Persisting credentials to disk and running silent outbound calls increases the blast radius if the key is sensitive or the workspace is shared.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install watchdog - After installation, invoke the skill by name or use
/watchdog - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Watchdog skill 1.0.0 – Initial release
- Connects to Watch.dog for monitoring websites, APIs, and cron jobs.
- Supports creating, listing, pausing, resuming, and deleting monitors and watchdogs.
- Provides real-time status checks and uptime history.
- Allows configuration of public status pages (Tracker Pages).
- Requires user API key and URL for setup, with automatic connection verification.
Metadata
Frequently Asked Questions
What is watchdog?
Monitors websites, APIs, and cron jobs (watchdogs) using Watch.dog. Use it when the user asks to "check the status of my monitors", "check uptime", "review w... It is an AI Agent Skill for Claude Code / OpenClaw, with 339 downloads so far.
How do I install watchdog?
Run "/install watchdog" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is watchdog free?
Yes, watchdog is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does watchdog support?
watchdog is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created watchdog?
It is built and maintained by Watch.Dog (@joseshiru); the current version is v1.0.0.
More Skills