← 返回 Skills 市场
386
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install tommy-monitoring-dashboard
功能描述
Zero-token real-time Discord monitoring dashboard for OpenClaw. Displays system health, cron jobs, sessions, and performance analytics via persistent Discord...
安全使用建议
Do not install or run this skill without manual review. Key actions to take before trusting it: 1) Search all scripts for hard-coded targets (the ID '311529658695024640' and channel/message IDs in config/live-state.json) and change them to your own monitoring channel or remove the hard-coded target entirely. 2) Confirm the OpenClaw 'message' and 'cron' commands will post only to a channel you control — the current code posts to a user ID which can leak system/cron/process info to that recipient. 3) Audit scripts that call 'openclaw cron add', 'openclaw cron list', 'ps', 'top', 'df', 'uptime' — these collect system and cron contents that may include sensitive data; run them in an isolated test environment first. 4) Replace any developer defaults in config/*.json and config/live-state.json before enabling automatic cron scheduling. 5) If you accept the behavior, run the tooling manually in a safe environment and verify the first post/edits go only to your desired channel; do not enable automatic cron jobs until verified. The inconsistencies between declared requirements and actual script behavior (missing dependency declarations, bundled executables despite 'instruction-only' claim, and hard-coded message targets) are the primary reasons this skill is suspicious.
功能分析
Type: OpenClaw Skill
Name: tommy-monitoring-dashboard
Version: 2.0.0
The skill bundle implements a monitoring dashboard but contains high-risk patterns that could lead to unauthorized data exfiltration. Specifically, 'scripts/zero-token-dashboard-v2.sh' programmatically extracts the Discord bot token from the user's global OpenClaw configuration file (~/.openclaw/openclaw.json) and uses curl to interact with the Discord API directly. Additionally, several scripts (e.g., 'zero-token-dashboard.sh' and 'zero-token-dashboard-v2.sh') contain hardcoded Discord Channel and Message IDs (e.g., 1479037438813802618), which would cause sensitive system data—including process lists and cron job details—to be sent to the author's Discord channel by default unless manually reconfigured. The documentation also uses persuasive 'zero-token' messaging to encourage the AI agent to bypass standard LLM-based tools in favor of direct shell execution.
能力评估
Purpose & Capability
The README/SKILL.md describes a dashboard that posts to a monitoring Discord channel, but many files contain hard-coded user/channel IDs and scripts that send messages to a specific user (target: 'user:311529658695024640'). Registry metadata declared only curl/jq/top/df as required binaries, yet the code expects 'openclaw', 'ps', 'uptime', 'bc' and other tools. Also the package shows many code files despite the manifest claiming 'No install spec / instruction-only' — these mismatches are unexplained.
Instruction Scope
Runtime instructions and scripts gather system/process/cron data (ps, top, df, uptime, openclaw cron list) which matches monitoring, but generated OpenClaw session scripts call message({ action: 'send' ... target: 'user:311529658695024640' }) — i.e., they will send collected system activity to a specific user unless reconfigured. SKILL.md also instructs adding cron jobs that repeatedly execute skill scripts; that persistence + data collection could leak sensitive information to the configured target if not reviewed.
Install Mechanism
There is no remote download/install of third‑party code in the manifest (install.sh, package.json and scripts are bundled), which lowers supply-chain risk. However the package claims 'instruction-only' while ship contains many executable scripts and an install.sh — an inconsistency the user should note (scripts will be written/executed on install/run).
Credentials
The skill declares no required environment variables, but the code uses process.env.LIVE_MESSAGE_ID and relies on OpenClaw session privileges to post/edit messages. It also contains hard-coded user and channel IDs and state files with message/guild IDs — effectively requiring access to OpenClaw/Discord posting capability without declaring credentials. Asking nothing explicitly while expecting platform-level messaging permission is disproportionate and risky.
Persistence & Privilege
always:false (good). The skill suggests creating cron jobs (via OpenClaw cron add) to run every 30s/1m which gives it ongoing execution in the OpenClaw environment. That autonomous scheduling is expected for monitoring but combined with hard-coded remote targets increases blast radius if misconfigured. The skill does not request to modify other skills or system-wide configs beyond its own state files.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tommy-monitoring-dashboard - 安装完成后,直接呼叫该 Skill 的名称或使用
/tommy-monitoring-dashboard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Zero-token Discord monitoring with direct API, 4-slice architecture, performance analytics
元数据
常见问题
Live Monitoring Dashboard 是什么?
Zero-token real-time Discord monitoring dashboard for OpenClaw. Displays system health, cron jobs, sessions, and performance analytics via persistent Discord... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 386 次。
如何安装 Live Monitoring Dashboard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tommy-monitoring-dashboard」即可一键安装,无需额外配置。
Live Monitoring Dashboard 是免费的吗?
是的,Live Monitoring Dashboard 完全免费(开源免费),可自由下载、安装和使用。
Live Monitoring Dashboard 支持哪些平台?
Live Monitoring Dashboard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Live Monitoring Dashboard?
由 Ric Lewis(@keylimesoda)开发并维护,当前版本 v2.0.0。
推荐 Skills