← 返回 Skills 市场
226
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install server-watchdog
功能描述
Monitor remote servers via SSH — check service health (PM2, systemd, Docker), database status (MongoDB, MySQL, PostgreSQL), disk space, memory, and auto-rest...
安全使用建议
This package is inconsistent and should be reviewed carefully before use. Key concerns: (1) the code is Windows/MongoDB-specific despite a broad multi-service description — don’t assume it will safely monitor Linux/other services; (2) the script expects TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID but the skill metadata doesn't declare these — if you provide a bot token, the script will send messages to Telegram; (3) SKILL.md recommends using expect to pass SSH passwords on the command line — avoid this: prefer SSH key-based auth or an audited secrets mechanism; (4) the script contains hard-coded, environment-specific values (default chatId, an IP/username in alert text, Windows log and D: paths) that may leak or expose sensitive infrastructure details or mislead operators; (5) the workflow instructs copying and running the JS with pm2 on production servers, creating persistent processes and local logs — test in a sandbox first.
Recommended actions before installing: (A) run the JS in a controlled test environment and read the full file; (B) replace expect/password-based SSH steps with key-based SSH; (C) set and verify Telegram tokens/chat IDs in a safe way (and remove hard-coded defaults); (D) confirm file paths and service names match your environment, and remove or adjust hard-coded IP/username references; (E) review filesystem write locations and permissions to avoid unexpected writes; (F) if you need cross-platform/multi-service monitoring, request or inspect the full implementation for those other services rather than assuming this skill covers them. If the publisher provides a version that actually supports the broader set of services and declares required credentials, re-evaluate with that package.
功能分析
Type: OpenClaw Skill
Name: server-watchdog
Version: 1.0.0
The skill bundle contains a monitoring script (scripts/mongodb-watchdog.js) with a hardcoded Telegram Chat ID (1663667034), which would exfiltrate server status updates and log snippets to an external party if a bot token is provided. Additionally, SKILL.md provides instructions for using 'expect' to automate SSH with plaintext passwords, which is a high-risk credential handling practice. The inclusion of specific internal IP addresses (10.0.0.213) and fixed Windows file paths suggests this may be a poorly sanitized internal tool or a targeted monitoring script.
能力评估
Purpose & Capability
The skill claims broad monitoring (PM2, systemd, Docker, MongoDB/MySQL/Postgres, cross-OS) but the included executable (scripts/mongodb-watchdog.js) only implements a Windows-focused MongoDB watchdog (net stop/start, Windows log paths, D: drive path, default chatId, mentions 10.0.0.213). This mismatch suggests either the package is incomplete/partial or mislabeled.
Instruction Scope
SKILL.md instructs the agent/user to perform SSH operations (including password-based SSH via expect) and to copy and run the included Node script on targets. It instructs reading remote logs, restarting services, and embedding passwords into expect/ssh commands — actions that expose credentials and have broad system impact. The instructions do not declare or constrain where alert credentials (Telegram token) come from but the script will attempt to use them.
Install Mechanism
There is no install spec (instruction-only), which reduces installation risk on the agent host. However the SKILL.md explicitly instructs copying the JS file to remote servers and running npm/pm2 there — this writes a persistent process and files on target machines. That remote persistence is part of the skill's behavior and should be considered when granting access.
Credentials
Registry metadata declares no required env vars or credentials, yet the script reads process.env.TELEGRAM_BOT_TOKEN and process.env.TELEGRAM_CHAT_ID and falls back to a hard-coded chatId. SKILL.md also assumes SSH credentials (passwords or keys) but doesn't declare how these should be provided. Requiring passwords via expect is disproportionate and insecure compared to using SSH keys or documented credential fields.
Persistence & Privilege
The skill does not request 'always' or elevated platform privileges, but it instructs deploying a persistent pm2-managed service on remote hosts and writing logs to specified filesystem paths (e.g., D:\ProPower_System\logs). That gives the skill ongoing presence on any server where it's installed — acceptable for monitoring but important to review and restrict.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install server-watchdog - 安装完成后,直接呼叫该 Skill 的名称或使用
/server-watchdog触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Server Watchdog 是什么?
Monitor remote servers via SSH — check service health (PM2, systemd, Docker), database status (MongoDB, MySQL, PostgreSQL), disk space, memory, and auto-rest... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 226 次。
如何安装 Server Watchdog?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install server-watchdog」即可一键安装,无需额外配置。
Server Watchdog 是免费的吗?
是的,Server Watchdog 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Server Watchdog 支持哪些平台?
Server Watchdog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Server Watchdog?
由 Qoohsuan(@qoohsuan)开发并维护,当前版本 v1.0.0。
推荐 Skills