System Inspection

Security checks across malware telemetry and agentic risk

Overview

This is mostly a system health-check SOP, but it has automatic operational side effects that users should review before installing.

Install only if you are comfortable with a scheduled ops skill checking OpenClaw logs/status, probing configured channels, potentially restarting the gateway during troubleshooting, and saving inspection summaries into both personal and shared memory. Prefer manual runs first, require human approval for restarts and test messages, and change the memory writes to sanitized, opt-in audit records in paths you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is presented as a low-disturbance inspection SOP, but it mandates writing inspection results into both a personal and a shared memory store after every run. This creates persistent side effects unrelated to mere observation, can expose operational details to other agents or users, and increases the chance of unwanted data retention or cross-agent data pollution.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The mandatory writes to `~/agents/dalong/workspace/memory.md` and `memory/YYYY-MM-DD.md` are not justified by the stated purpose of periodic system inspection. Because these writes affect personal and shared state, they can leak system status, normalize unnecessary persistence, and create a hidden modification channel in what users would reasonably expect to be a read-mostly healthcheck skill.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The SOP claims to be low-disturbance, yet it instructs operators to actively probe channels by sending low-disturbance test messages. Even limited active messaging can notify real users, trigger automations, or create audit noise, so the documented behavior is more invasive than the description suggests.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill requires writing inspection results into personal and shared memory files without warning that it modifies user-controlled or shared data. Hidden writes are risky because they can overwrite prior context, introduce sensitive operational information into broadly accessible stores, and surprise users who expect a diagnostic routine to be non-destructive.

VirusTotal

65/65 vendors flagged this skill as clean.