Desktop Monitor Widget

Security checks across malware telemetry and agentic risk

Overview

This is a real local system-monitor widget, but it automatically changes the Python environment and exposes live device metrics through a local web endpoint more broadly than necessary.

Review before installing. Prefer running it in a virtual environment, remove the --break-system-packages install path, and restrict or remove the permissive CORS header. While the widget is running, local system metrics such as CPU, memory, disk usage, uptime, temperature, and process count are available through the localhost endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The startup script automatically installs a Python package at runtime, which modifies the host environment without clear user consent and expands the skill's capabilities beyond merely displaying local system metrics. This is risky because package installation introduces supply-chain exposure and can change system state unexpectedly, especially with the use of --break-system-packages to override packaging safeguards.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The /data endpoint exposes system telemetry over HTTP and explicitly allows any origin via Access-Control-Allow-Origin: *. Because the service is reachable on localhost, any website visited by the user could potentially read this endpoint from the browser and harvest device state such as CPU, memory, disk usage, uptime, temperature, and process count for fingerprinting or privacy-invasive profiling.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases such as '系统状态' and '资源使用情况' are broad, everyday requests that can easily collide with general assistant interactions. This can cause the skill to activate unexpectedly and expose system information or alter the user experience when the user did not intend to invoke this specific widget.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script installs psutil without any explicit warning or confirmation that it is about to modify the Python environment. This can surprise users, alter system-managed packages, and expose the machine to dependency or package-repository compromise if the install path is abused.

VirusTotal

67/67 vendors flagged this skill as clean.
