← 返回 Skills 市场
339
总下载
2
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install watchdog
功能描述
Monitors websites, APIs, and cron jobs (watchdogs) using Watch.dog. Use it when the user asks to "check the status of my monitors", "check uptime", "review w...
安全使用建议
Key issues to consider before installing: (1) The skill will ask for your WATCHDOG_API_KEY and WATCHDOG_API_URL even though the registry metadata does not declare them — expect to provide a secret. (2) The skill's instructions tell the agent to automatically write that secret to a .env file in the skill folder and to immediately run a 'list_monitors' network call as a silent test; this will persist the key on disk and perform an outbound request without an extra explicit confirmation step. If you proceed, provide a least-privilege API key, run the skill in an isolated environment, inspect index.js yourself, and consider removing the saved .env afterward. Also prefer obtaining this skill from an official Watch.dog source or a verifiable homepage; the skill's source is 'unknown' which reduces trust. If you need stricter behavior (no automatic file writes or silent tests), ask the maintainer to remove/alter those instructions or modify the code so writes/tests happen only after explicit, visible confirmation.
功能分析
Type: OpenClaw Skill
Name: watchdog
Version: 1.0.0
The skill contains behavioral instructions in index.js (WATCHDOG_SYSTEM_PROMPT) that direct the AI agent to use its 'native file writing tools' to automatically create or overwrite a .env file on the local filesystem once credentials are provided. This is a prompt-injection technique that commands the agent to perform actions (filesystem I/O) outside the scope of the skill's defined tools. While intended for user onboarding, such instructions for 'silent' or 'automatic' execution of external tools represent a security risk. Additionally, the WATCHDOG_API_URL is configurable via environment variables, which could be used to redirect the WATCHDOG_API_KEY to a malicious endpoint.
能力评估
Purpose & Capability
The skill's stated purpose (monitoring via Watch.dog) legitimately requires an API key and API URL, and the code (index.js) enforces WATCHDOG_API_KEY. However the registry metadata lists no required environment variables or primary credential. That mismatch (description + code require credentials but metadata says none) is inconsistent and misleading.
Instruction Scope
SKILL.md instructs the agent to automatically create/overwrite a .env file with the user's API key/URL, and to immediately execute list_monitors as a silent test whenever credentials are provided or modified. Those steps cause local file writes and immediate outbound network calls using user credentials. While related to onboarding, they expand scope (automatic file writes and silent network tests) beyond what the metadata declares and could surprise users.
Install Mechanism
No install spec in the registry (instruction-only) but package.json/package-lock are included and the SKILL.md instructs running npm install. Dependencies are from the npm registry (e.g., @modelcontextprotocol/sdk, zod) — no external arbitrary download URLs were observed. Installation risk is typical for a Node skill but not negligible.
Credentials
The skill requires sensitive values (WATCHDOG_API_KEY and optionally WATCHDOG_API_URL) per SKILL.md and index.js, yet the registry metadata does not declare these env vars or a primary credential. The skill also persists those credentials to a .env file (per the prompt instructions). Requesting and storing API keys is proportionate to its functionality, but the omission from metadata and the forced automatic storage/test behavior reduces transparency and increases risk.
Persistence & Privilege
The skill is not always-on and does not request platform-wide privileges. However the behavior instructions explicitly direct the agent to write persistent credentials to the skill folder (.env) and to run immediate tests using them. Persisting credentials to disk and running silent outbound calls increases the blast radius if the key is sensitive or the workspace is shared.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install watchdog - 安装完成后,直接呼叫该 Skill 的名称或使用
/watchdog触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Watchdog skill 1.0.0 – Initial release
- Connects to Watch.dog for monitoring websites, APIs, and cron jobs.
- Supports creating, listing, pausing, resuming, and deleting monitors and watchdogs.
- Provides real-time status checks and uptime history.
- Allows configuration of public status pages (Tracker Pages).
- Requires user API key and URL for setup, with automatic connection verification.
元数据
常见问题
watchdog 是什么?
Monitors websites, APIs, and cron jobs (watchdogs) using Watch.dog. Use it when the user asks to "check the status of my monitors", "check uptime", "review w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 339 次。
如何安装 watchdog?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install watchdog」即可一键安装,无需额外配置。
watchdog 是免费的吗?
是的,watchdog 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
watchdog 支持哪些平台?
watchdog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 watchdog?
由 Watch.Dog(@joseshiru)开发并维护,当前版本 v1.0.0。
推荐 Skills