← Back to Skills Marketplace
Subagent Watchdog
by
gleb-urvanov
· GitHub ↗
· v0.1.0
464
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install subagent-watchdog
Description
Monitors subagent runs by enforcing a completion marker file before a deadline and alerts or exits if the marker is missing.
Usage Guidance
This skill appears to implement the advertised watchdog behavior, but review these points before installing or running it:
- The script will run a short Python snippet (python3) to read ~/.openclaw/openclaw.json when you omit the wait_seconds argument. If that file is missing or malformed the script will error due to 'set -e' and the unguarded open() call. To avoid this, always call ./watch.sh <label> <wait_seconds>, or ensure the config file exists and is valid.
- The script can call an external openclaw binary to send notifications if WATCHDOG_CHAT_ID (and an executable OPENCLAW_BIN) are present. If you do not want any external notifications, do not set WATCHDOG_CHAT_ID or set OPENCLAW_BIN to a non-executable path.
- The registry metadata does not declare optional deps/envs: python3, OPENCLAW_CONFIG_PATH, OPENCLAW_BIN, WATCHDOG_CHAT_ID, WATCHDOG_CHANNEL, STATE_DIR. Treat these as implicit and verify they are safe/trusted in your environment before use.
- The watchdog reads user config (~/.openclaw/openclaw.json). If that file contains sensitive information, be aware the skill will open it (only to read maxRuntimeSeconds in current code), and the script may fail if it's unreadable. Consider running the script in a controlled directory or with explicit wait_seconds.
- If you plan to rely on the OpenClaw messaging integration, audit the openclaw binary you will point to so you trust what it transmits. The watchdog’s message text is small (label + timeout), but any external binary could behave differently.
Overall: functional and small, but the missing declarations and the unguarded config read are reliability/privacy issues — fix or document these before deploying widely.
Capability Analysis
Type: OpenClaw Skill
Name: subagent-watchdog
Version: 0.1.0
The skill is classified as suspicious due to a path traversal vulnerability in `watch.sh`. The `LABEL` argument, which is user-controlled, is directly used to construct the path for the completion marker file (`$STATE_DIR/${LABEL}.done`). This allows a malicious subagent or user to write files to arbitrary locations on the filesystem by providing a `LABEL` containing path traversal sequences (e.g., `../`). While the skill's stated purpose is benign, this lack of input sanitization presents a significant security risk, allowing for unauthorized file creation or modification.
Capability Assessment
Purpose & Capability
The name/description and the code match: the script waits, checks for a marker file, and exits or optionally notifies. However the script implicitly requires python3 (used to read the OpenClaw config) and may call an external openclaw binary for notifications — these binaries/envs are not declared in the registry metadata. That mismatch should have been declared as dependencies or optional settings.
Instruction Scope
The SKILL.md and watch.sh direct the agent to read a config file (OPENCLAW_CONFIG_PATH or ~/.openclaw/openclaw.json) and to optionally invoke an external messaging tool (OPENCLAW_BIN) using WATCHDOG_CHAT_ID/WATCHDOG_CHANNEL. The Python code opens the config path without existence checks, so omitting wait_seconds can cause the script to fail if the file is missing. The script also spawns an external binary to send messages, which can transmit alerts outside the local environment (dependent on that binary). These behaviors reach beyond merely checking a local marker file and are not fully documented as required environment or runtime dependencies.
Install Mechanism
Instruction-only skill with an included small shell script and contract doc; there is no install spec or remote download. This is low-risk from an install-supply-chain perspective.
Credentials
The skill does not declare any required environment variables or binaries, yet the script reads and respects OPENCLAW_CONFIG_PATH, OPENCLAW_BIN, WATCHDOG_CHAT_ID, WATCHDOG_CHANNEL and optional STATE_DIR, and invokes python3. Those env vars and the python3 dependency are reasonable for optional integration, but the registry should list them (at least as optional) so users know what the skill may read or call. Reading ~/.openclaw/openclaw.json also accesses user configuration outside the skill’s own directory.
Persistence & Privilege
The skill does not request persistent/always-on presence and does not modify other skills or system-wide configs. Autonomous invocation is allowed by default but does not combine here with excessive privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install subagent-watchdog - After installation, invoke the skill by name or use
/subagent-watchdog - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: marker-file contract + deadline watchdog + optional OpenClaw notification.
Metadata
Frequently Asked Questions
What is Subagent Watchdog?
Monitors subagent runs by enforcing a completion marker file before a deadline and alerts or exits if the marker is missing. It is an AI Agent Skill for Claude Code / OpenClaw, with 464 downloads so far.
How do I install Subagent Watchdog?
Run "/install subagent-watchdog" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Subagent Watchdog free?
Yes, Subagent Watchdog is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Subagent Watchdog support?
Subagent Watchdog is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Subagent Watchdog?
It is built and maintained by gleb-urvanov (@gleb-urvanov); the current version is v0.1.0.
More Skills