Tracker Latest Run Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it reads one OpenClaw cron-run log and sends a compact Feishu private message when the user runs the script.

Before installing or running, confirm that the hardcoded cron log path and Feishu config path are yours, that the recipient open_id is the intended one, and that the Feishu app secret has only the message-sending permissions this notifier needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill advertises behavior that sends a Feishu private message and references a network-using script, but the manifest does not declare corresponding permissions. Hidden or undeclared network capability reduces reviewability and informed consent, making it easier for a skill to exfiltrate job data or send messages without clear authorization boundaries.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The description is broad enough that an agent may invoke this skill in generic 'status', 'notification', or 'daily ping' situations without the user realizing it will send a private message. Over-broad triggering increases the chance of unintended outbound communication and disclosure of operational status information to Feishu.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill documentation does not prominently warn that running it causes an external side effect: sending a Feishu private message. A user or calling agent could invoke it expecting passive monitoring, but instead trigger outbound messaging that may disclose run status, timestamps, or failure details to a third-party service.

VirusTotal

65/65 vendors flagged this skill as clean.
