← 返回 Skills 市场
Subagent Watchdog
作者
gleb-urvanov
· GitHub ↗
· v0.1.0
464
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install subagent-watchdog
功能描述
Monitors subagent runs by enforcing a completion marker file before a deadline and alerts or exits if the marker is missing.
安全使用建议
This skill appears to implement the advertised watchdog behavior, but review these points before installing or running it:
- The script will run a short Python snippet (python3) to read ~/.openclaw/openclaw.json when you omit the wait_seconds argument. If that file is missing or malformed the script will error due to 'set -e' and the unguarded open() call. To avoid this, always call ./watch.sh <label> <wait_seconds>, or ensure the config file exists and is valid.
- The script can call an external openclaw binary to send notifications if WATCHDOG_CHAT_ID (and an executable OPENCLAW_BIN) are present. If you do not want any external notifications, do not set WATCHDOG_CHAT_ID or set OPENCLAW_BIN to a non-executable path.
- The registry metadata does not declare optional deps/envs: python3, OPENCLAW_CONFIG_PATH, OPENCLAW_BIN, WATCHDOG_CHAT_ID, WATCHDOG_CHANNEL, STATE_DIR. Treat these as implicit and verify they are safe/trusted in your environment before use.
- The watchdog reads user config (~/.openclaw/openclaw.json). If that file contains sensitive information, be aware the skill will open it (only to read maxRuntimeSeconds in current code), and the script may fail if it's unreadable. Consider running the script in a controlled directory or with explicit wait_seconds.
- If you plan to rely on the OpenClaw messaging integration, audit the openclaw binary you will point to so you trust what it transmits. The watchdog’s message text is small (label + timeout), but any external binary could behave differently.
Overall: functional and small, but the missing declarations and the unguarded config read are reliability/privacy issues — fix or document these before deploying widely.
功能分析
Type: OpenClaw Skill
Name: subagent-watchdog
Version: 0.1.0
The skill is classified as suspicious due to a path traversal vulnerability in `watch.sh`. The `LABEL` argument, which is user-controlled, is directly used to construct the path for the completion marker file (`$STATE_DIR/${LABEL}.done`). This allows a malicious subagent or user to write files to arbitrary locations on the filesystem by providing a `LABEL` containing path traversal sequences (e.g., `../`). While the skill's stated purpose is benign, this lack of input sanitization presents a significant security risk, allowing for unauthorized file creation or modification.
能力评估
Purpose & Capability
The name/description and the code match: the script waits, checks for a marker file, and exits or optionally notifies. However the script implicitly requires python3 (used to read the OpenClaw config) and may call an external openclaw binary for notifications — these binaries/envs are not declared in the registry metadata. That mismatch should have been declared as dependencies or optional settings.
Instruction Scope
The SKILL.md and watch.sh direct the agent to read a config file (OPENCLAW_CONFIG_PATH or ~/.openclaw/openclaw.json) and to optionally invoke an external messaging tool (OPENCLAW_BIN) using WATCHDOG_CHAT_ID/WATCHDOG_CHANNEL. The Python code opens the config path without existence checks, so omitting wait_seconds can cause the script to fail if the file is missing. The script also spawns an external binary to send messages, which can transmit alerts outside the local environment (dependent on that binary). These behaviors reach beyond merely checking a local marker file and are not fully documented as required environment or runtime dependencies.
Install Mechanism
Instruction-only skill with an included small shell script and contract doc; there is no install spec or remote download. This is low-risk from an install-supply-chain perspective.
Credentials
The skill does not declare any required environment variables or binaries, yet the script reads and respects OPENCLAW_CONFIG_PATH, OPENCLAW_BIN, WATCHDOG_CHAT_ID, WATCHDOG_CHANNEL and optional STATE_DIR, and invokes python3. Those env vars and the python3 dependency are reasonable for optional integration, but the registry should list them (at least as optional) so users know what the skill may read or call. Reading ~/.openclaw/openclaw.json also accesses user configuration outside the skill’s own directory.
Persistence & Privilege
The skill does not request persistent/always-on presence and does not modify other skills or system-wide configs. Autonomous invocation is allowed by default but does not combine here with excessive privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install subagent-watchdog - 安装完成后,直接呼叫该 Skill 的名称或使用
/subagent-watchdog触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: marker-file contract + deadline watchdog + optional OpenClaw notification.
元数据
常见问题
Subagent Watchdog 是什么?
Monitors subagent runs by enforcing a completion marker file before a deadline and alerts or exits if the marker is missing. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 464 次。
如何安装 Subagent Watchdog?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install subagent-watchdog」即可一键安装,无需额外配置。
Subagent Watchdog 是免费的吗?
是的,Subagent Watchdog 完全免费(开源免费),可自由下载、安装和使用。
Subagent Watchdog 支持哪些平台?
Subagent Watchdog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Subagent Watchdog?
由 gleb-urvanov(@gleb-urvanov)开发并维护,当前版本 v0.1.0。
推荐 Skills