← Back to Skills Marketplace
ProcessGuard — Critical Process Monitor & Auto-Restart
by
Shadow Rose
· GitHub ↗
· v2.1.4
· MIT-0
500
Downloads
0
Stars
4
Active Installs
9
Versions
Install in OpenClaw
/install process-guard
Description
Monitor critical processes and auto-restart on failure. Tracks CPU and memory usage, escalates alerts via webhook, callback, or file, and writes a dead man's...
Usage Guidance
This skill appears to do what it claims, but it executes user-configured commands and writes files and may send alerts to external URLs. Before installing or running: 1) review every configured restart/check command and prefer using commandAllowlist (recommended) rather than allowAnyCommand; 2) choose non-sensitive locations for log/heartbeat/alert files and run under a least-privileged account; 3) verify webhook endpoints you configure to avoid accidental data exposure; 4) if you did not obtain the package from a trusted source, consider auditing the full source (the shipped src/process-guard.js is mostly visible but truncated here) or running in an isolated environment first. If you want higher assurance, provide the complete untruncated source for a full review.
Capability Analysis
Type: OpenClaw Skill
Name: process-guard
Version: 2.1.4
ProcessGuard (v2.1.4) is a process monitoring and auto-restart utility that includes features for resource tracking, alert escalation via webhooks, and an HTTP status dashboard. While the implementation in `src/process-guard.js` demonstrates strong security practices—such as mandatory command allowlisting, strict regex-based blocking of shell injection operators, and the use of `spawn` with `shell: false`—it inherently possesses high-risk capabilities. These include arbitrary command execution, network access, and file system interaction, which are plausibly needed for its stated purpose but represent a significant attack surface for an AI agent, fitting the 'suspicious' classification under the provided criteria.
Capability Assessment
Purpose & Capability
Name/description match the implementation: monitoring, health checks (HTTP/TCP/pid/command), auto-restart, resource tracking (optional pidusage), heartbeat file, local dashboard and alert escalation. Nothing requested by the skill (no env vars, no external credentials, no install spec) is disproportionate to the stated purpose.
Instruction Scope
SKILL.md and README instruct the agent to require and run the provided ProcessGuard module which will: read pid files, run health-check commands, execute restart commands, write heartbeat/log/alerts files, and optionally POST JSON to webhook endpoints. Those behaviors are expected for a monitor, but they are powerful: restart/check commands run subprocesses and can cause side effects if misconfigured; alerts can be delivered to arbitrary external endpoints. The README promises blocking of shell operators and a required allowlist (or explicit allowAnyCommand) to mitigate injection risk; code enforces shell-operator blocking and require an explicit security posture when restarts are configured. Note: the README mentions exec/execSync but the shipped code uses spawn/spawnSync (documentation mismatch only).
Install Mechanism
No install spec is provided (instruction-only skill plus included source files). That is low risk from an install standpoint; optional dependency pidusage is only needed to enable resource monitoring and is installed by the user if desired.
Credentials
The skill does not request environment variables or credentials. It performs file I/O (logs, heartbeat, alerts) and network calls to configured webhooks/dashboard; these are justified by the monitoring/alerting purpose. Users should validate configured webhook URLs and file paths before enabling.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It will, however, write files to the working directory and open a local HTTP dashboard port if enabled — both expected for this functionality. The default ability for agents to invoke skills autonomously is normal and not flagged here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install process-guard - After installation, invoke the skill by name or use
/process-guard - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.4
Removed exec entirely — restart commands now use spawn(shell:false) same as health checks. No shell execution anywhere in the codebase.
v2.1.3
Replaced execSync with spawnSync(shell:false) for command health checks — eliminates shell execution surface entirely
v2.1.2
Added disclaimer
v2.1.1
Bug fixes: shell operator blocking now truly unconditional — enforced in _validateConfig for all commands (including check.command) AND at runtime in _check before execSync. README updated to accurately document security model. Fixes all scanner-reported documentation/code mismatches.
v2.1.0
Security: inverted security model — commandAllowlist now required by default; set allowAnyCommand: true to explicitly opt out. Shell operators always blocked. Fixes VirusTotal flag for arbitrary exec.
v2.0.2
Security fix: shell operator blocking is now unconditional — commands with shell operators are always rejected, not just when commandAllowlist is configured
v2.0.1
Security fix: commandAllowlist now blocks shell injection operators (;, &&, |, backtick, etc.) in addition to checking executable name. Validation moved to constructor for immediate synchronous rejection of bad configs.
v2.0.0
v2.0.0: Full feature release. Added CPU/memory monitoring (pidusage), multi-target alert escalation (webhook/callback/file), dead man's switch heartbeat, HTTP dashboard, command allowlist security, enhanced status output. Docs now match implementation.
v1.0.0
Initial upload
Metadata
Frequently Asked Questions
What is ProcessGuard — Critical Process Monitor & Auto-Restart?
Monitor critical processes and auto-restart on failure. Tracks CPU and memory usage, escalates alerts via webhook, callback, or file, and writes a dead man's... It is an AI Agent Skill for Claude Code / OpenClaw, with 500 downloads so far.
How do I install ProcessGuard — Critical Process Monitor & Auto-Restart?
Run "/install process-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ProcessGuard — Critical Process Monitor & Auto-Restart free?
Yes, ProcessGuard — Critical Process Monitor & Auto-Restart is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ProcessGuard — Critical Process Monitor & Auto-Restart support?
ProcessGuard — Critical Process Monitor & Auto-Restart is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ProcessGuard — Critical Process Monitor & Auto-Restart?
It is built and maintained by Shadow Rose (@theshadowrose); the current version is v2.1.4.
More Skills