← Back to Skills Marketplace
SysClaw Reporting
by
Morten Bojer
· GitHub ↗
· v4.0.0
· MIT-0
291
Downloads
0
Stars
0
Active Installs
11
Versions
Install in OpenClaw
/install sysclaw-reporting
Description
Report system issues and submit resource requests to SysClaw via the cross-agent communication system. Use when an agent needs to report an error, warning, o...
Usage Guidance
This skill appears to do what it says (submit reports/requests by writing to a PostgreSQL database), but there are important warnings to consider before installing or using it:
- Metadata mismatch: The registry declares no required environment variables, but the scripts and SKILL.md require SYSCLAW_DB_HOST/PORT/NAME/USER/PASSWORD (or per-script equivalents). Treat that omission as a red flag and ask the publisher to correct the manifest before use.
- Credential safety: The scripts require a DB user + password. Do NOT store high-privilege credentials in plaintext wrapper scripts or crontab entries. If you must run periodic checks, prefer a least-privileged DB account, secure storage for secrets (OS keyring, vault), and avoid embedding passwords in files under /usr/local/bin or crontab lines.
- Network security: The scripts connect to a DB host without explicit TLS/sslmode configuration. Ensure connections to the DB are restricted to trusted networks or use SSL/TLS and network-level access controls to protect credentials in transit.
- Least privilege: Create a dedicated DB role for reporting with only the necessary INSERT/SELECT/UPDATE privileges on the specific tables used (issues, agent_requests, notifications). Do not reuse admin or broad-privilege DB credentials.
- Audit and review the DB schema: Because these scripts write directly to the database, verify the schema, triggers, and any downstream automation that acts on inserted rows (SysClaw may execute approved actions). Ensure you trust the operator(s) who have access to that automation.
- Ask the maintainer for clarification: Request an updated registry manifest listing required environment variables and a justification for any suggested persistent cron-install steps. If you cannot verify the SysClaw operator and DB host, do not provide credentials.
If you want to proceed, only provide a tightly-scoped DB user with minimal privileges and avoid the suggested plaintext cron wrapper; instead use credential management tooling and secure scheduling mechanisms.
Capability Analysis
Type: OpenClaw Skill
Name: sysclaw-reporting
Version: 4.0.0
The sysclaw-reporting skill bundle provides a legitimate interface for an AI agent to communicate with a central management system (SysClaw) via a PostgreSQL database. The scripts (check-notifications.sh, report-issue.sh, request-resource.sh) are well-structured, utilize parameterized queries to prevent SQL injection, and include robust error handling with exponential backoff. While the documentation suggests setting up a cron job for automated notification checking, this is a transparently documented feature for polling and does not constitute a stealthy persistence mechanism.
Capability Assessment
Purpose & Capability
The skill claims to submit reports/requests to 'SysClaw' and the included scripts perform exactly that by writing to a PostgreSQL database (system_comm). Requiring DB host/user/password is consistent with that purpose. However, the registry metadata declares no required environment variables or primary credential while the SKILL.md and scripts clearly require SYSCLAW_DB_* (or per-script overrides). This metadata omission is an incoherence that makes it harder to reason about required secrets before install.
Instruction Scope
Runtime instructions and the scripts only perform database operations (insert/select/update) and check hostname; they do not call external web endpoints or run arbitrary remote code. However, SKILL.md explicitly instructs operators to place plaintext DB credentials into wrapper scripts and a cron job (e.g., writing a script to /usr/local/bin and adding a crontab entry). That guidance creates a credential exposure risk and broad persistence if followed. The scripts also permit direct SQL usage; while parameterized queries and JSON validation are used, direct DB access still grants substantial power and should be limited to least-privileged accounts.
Install Mechanism
There is no installer that downloads or executes remote code; this is an instruction-only skill with bundled scripts. The only dependency is psycopg2 (installed via pip), which is explicitly called out. No external arbitrary-download or extraction steps are present in the manifest.
Credentials
The scripts legitimately require SYSCLAW_DB_HOST/PORT/NAME/USER/PASSWORD (or per-script overrides). Those environment variables are proportionate to the function (direct DB access). However, the skill registry lists no required env vars or primary credential, which is inconsistent and dangerous because users may not know it will require database credentials. Additionally, SKILL.md suggests embedding DB_PASSWORD in a system-wide wrapper script and cron, which is disproportionate from a least-privilege and secret-handling perspective.
Persistence & Privilege
The skill is not force-included (always: false) and does not autonomously modify other skills or global agent settings. The documentation recommends (optional) creating a cron wrapper in /usr/local/bin and writing notifications to workspace memory; these are user-driven persistence steps. They increase exposure if followed, but are not automatic privileges requested by the skill itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install sysclaw-reporting - After installation, invoke the skill by name or use
/sysclaw-reporting - Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.0.0
Security: parameterized queries (fixed SQL injection), JSON validation. Reliability: 3-attempt retry with exponential backoff, mid-session reconnect. Breaking: now requires psycopg2-binary.
v3.2.0
v3.2.0: Updated workflow - SysClaw executes approved actions, agents receive results. Removed 'proceed with approved action' language.
v3.1.0
v3.1.0: Replaced operator name with generic 'human operator' for portability.
v3.0.0
v3.0.0: Added notification system. New check-notifications.sh script. Auto-notify SysClaw on request submit. Automatic notification checking via cron job. Split server operations to sysclaw-ops skill.
v2.1.0
Add source_host field to issues and agent_requests - tracks originating machine for multi-server deployments
v2.0.1
Remove deprecated request-access.sh script
v2.0.0
Unified request system: new agent_requests table covers access, software, resources, config, service, deployment, info. Agents have INSERT+SELECT only - cannot self-approve. Replaces access_requests table.
v1.0.3
Add post-install section: document credentials in TOOLS.md and test connectivity
v1.0.2
Document sequence grant requirement in db-schema.md; fix for permission denied on issues_id_seq
v1.0.1
Replace hardcoded host IP with placeholder; add instruction to ask operator for credentials
v1.0.0
Initial release - issue reporting and access request system for cross-agent communication
Metadata
Frequently Asked Questions
What is SysClaw Reporting?
Report system issues and submit resource requests to SysClaw via the cross-agent communication system. Use when an agent needs to report an error, warning, o... It is an AI Agent Skill for Claude Code / OpenClaw, with 291 downloads so far.
How do I install SysClaw Reporting?
Run "/install sysclaw-reporting" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SysClaw Reporting free?
Yes, SysClaw Reporting is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does SysClaw Reporting support?
SysClaw Reporting is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created SysClaw Reporting?
It is built and maintained by Morten Bojer (@mbojer); the current version is v4.0.0.
More Skills