Description

Deploy a lightweight status API that exposes your OpenClaw bot's runtime health, service connectivity, cron jobs, skills, system metrics, and more. Use when setting up a monitoring dashboard, health endpoint, or status page for an OpenClaw agent. Supports any services via config (HTTP checks, CLI commands, file checks). Zero dependencies — Node.js only.

README (SKILL.md)

Bot Status API

Name: Test
Author: suspect80

A configurable HTTP service that exposes your OpenClaw bot's operational status as JSON. Designed for dashboard integration, monitoring, and transparency.

What It Provides

Bot Core: Online status, model, context usage, uptime, heartbeat timing
Services: Health checks for any HTTP endpoint, CLI tool, or file path
Email: Unread counts from any email provider (himalaya, gog, etc.)
Cron Jobs: Reads directly from OpenClaw's cron/jobs.json
Docker: Container health via Portainer API
Dev Servers: Auto-detects running dev servers by process grep
Skills: Lists installed and available OpenClaw skills
System: CPU, RAM, Disk metrics from /proc

Setup

1. Copy the service files

Copy server.js, collectors/, and package.json to your desired location.

2. Create config.json

Copy config.example.json to config.json and customize:

{
  "port": 3200,
  "name": "MyBot",
  "workspace": "/path/to/.openclaw/workspace",
  "openclawHome": "/path/to/.openclaw",
  "cache": { "ttlMs": 10000 },
  "model": "claude-sonnet-4-20250514",
  "skillDirs": ["/path/to/openclaw/skills"],
  "services": [
    { "name": "myservice", "type": "http", "url": "http://...", "healthPath": "/health" }
  ]
}

Service Check Types

Type	Description	Config
`http`	Fetch URL, check HTTP 200	`url`, `healthPath`, `method`, `headers`, `body`
`command`	Run shell command, check exit 0	`command`, `timeout`
`file-exists`	Check path exists	`path`

3. Run

node server.js

4. Persist (systemd user service)

# ~/.config/systemd/user/bot-status.service
[Unit]
Description=Bot Status API
After=network.target

[Service]
Type=simple
WorkingDirectory=/path/to/bot-status
ExecStart=/usr/bin/node server.js
Restart=always
RestartSec=5
Environment=PORT=3200
Environment=HOME=/home/youruser
Environment=PATH=/usr/local/bin:/usr/bin:/bin

[Install]
WantedBy=default.target

systemctl --user daemon-reload
systemctl --user enable --now bot-status
loginctl enable-linger $USER  # survive logout

5. Context/Vitals from OpenClaw

The bot should periodically write vitals to heartbeat-state.json in its workspace:

{
  "vitals": {
    "contextPercent": 62,
    "contextUsed": 124000,
    "contextMax": 200000,
    "model": "claude-opus-4-5",
    "updatedAt": 1770304500000
  }
}

Add this to your HEARTBEAT.md so the bot updates it each heartbeat cycle.

Endpoints

Endpoint	Description
`GET /status`	Full status JSON (cached)
`GET /health`	Simple `{"status":"ok"}`

Architecture

Zero dependencies — Node.js built-ins only (http, fs, child_process)
Non-blocking — All shell commands use async exec, never execSync
Background refresh — Cache refreshes on interval, requests always served from cache instantly (~10ms)
Config-driven — Everything in config.json, no hardcoded values

Usage Guidance

Do not run code you don't have or can't inspect. Before installing: 1) Obtain the referenced files (server.js, collectors/, package.json, config.example.json) from a trusted source and review their contents (search for network exfiltration, unexpected exec/spawn usage, or reading unrelated system files). 2) Confirm what credentials are actually needed for Portainer, email, or other services and only provide minimal, scoped tokens. 3) Restrict the service's filesystem access (run as a dedicated unprivileged user, use limited workspace paths), and avoid enabling linger/system-wide services until you audit the code. 4) Validate any shell commands configured for 'command' checks — treat them as potentially dangerous. 5) Ask the publisher for source repository, checksums/signatures, and a homepage or contact; absence of origin info lowers trust. If you cannot review the code or confirm provenance, treat this skill as high risk.

Capability Analysis

Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill The `SKILL.md` describes a status API with a 'command' service type that allows arbitrary shell command execution for health checks, a high-risk capability. Additionally, the API is designed to access sensitive OpenClaw internal paths (e.g., `cron/jobs.json`, `workspace`, `openclawHome`, `skillDirs`) for monitoring, granting broad access to operational data. While these capabilities are presented for a benign monitoring purpose, they introduce significant risk if misused or misconfigured, classifying the skill as suspicious due to these powerful and potentially abusable features.

Capability Assessment

ℹ Purpose & Capability

The stated purpose (a lightweight status API for an OpenClaw bot) is coherent with the capabilities described (health checks, system metrics, skills list). However the skill claims 'zero dependencies — Node.js only' and yet the package contains no server.js, collectors/, or config.example.json that the SKILL.md instructs you to copy, which is an inconsistency: required runtime files are missing from the bundle and the source/homepage is unknown.

⚠ Instruction Scope

Runtime instructions explicitly tell operators to read OpenClaw workspace files (heartbeat-state.json, cron/jobs.json), scan /proc for system metrics, grep processes to detect dev servers, and run shell commands for 'command' checks. Those actions access local system and agent internals and can expose sensitive data. The SKILL.md also references email unread counts (requiring mail clients/credentials) and Portainer (requiring API tokens) but does not limit or explain how credentials are handled.

ℹ Install Mechanism

This is instruction-only (no install spec), which is lower install risk. However the absence of any shipped code is notable: the instructions assume you will copy server.js, collectors/, and package.json from somewhere else. That missing provenance is a risk — you must obtain these files from a trusted source and review them before running.

⚠ Credentials

No environment variables or credentials are declared, yet the instructions imply needing access tokens/credentials for email providers and Portainer, file system paths for OpenClaw workspace, and permission to run arbitrary shell commands. The skill's declared requirements understate the sensitive access it will need to function.

⚠ Persistence & Privilege

The SKILL.md instructs installing a systemd user service and enabling linger (loginctl enable-linger) which grants the process persistence beyond user sessions. The skill bundle does not set always or disableModelInvocation, so although not explicitly persistent in the registry metadata, the instructions push for long-running privileged behavior. Running as a persistent service increases risk if the code is unreviewed or misconfigured.

Version History

v0.0.1

test

Metadata

Slug bot-status-api-test

Version 0.0.1

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Test?

Deploy a lightweight status API that exposes your OpenClaw bot's runtime health, service connectivity, cron jobs, skills, system metrics, and more. Use when setting up a monitoring dashboard, health endpoint, or status page for an OpenClaw agent. Supports any services via config (HTTP checks, CLI commands, file checks). Zero dependencies — Node.js only. It is an AI Agent Skill for Claude Code / OpenClaw, with 1539 downloads so far.

How do I install Test?

Run "/install bot-status-api-test" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Test free?

Yes, Test is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Test support?

Test is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Test?

It is built and maintained by suspect80 (@suspect80); the current version is v0.0.1.

More Skills

Test