Error Monitor Fix

Security checks across malware telemetry and agentic risk

Overview

This skill appears to monitor local OpenClaw errors, but it has unclear scheduled install behavior and runs local commands while its documentation partially presents the behavior as manual or read-only.

Review before installing. Ask the publisher to include or remove the missing installer, document exactly how the cron job is created and disabled, and make the write paths and command execution explicit. If used, run it without elevated privileges and treat persisted log excerpts as potentially sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The document claims the skill no longer performs filesystem modifications, yet it still states that errors are automatically appended to `memory/error.md`. This mismatch can mislead operators and reviewers about write capabilities, weakening trust boundaries and potentially allowing unauthorized persistence of sensitive log content to disk.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The code claims session handling is a read-only check, but it actually executes `openclaw sessions cleanup --dry-run`. Even with `--dry-run`, this crosses the boundary from passive log analysis into invoking a local management command, which can have side effects, trigger hooks, or rely on a compromised PATH/binary in the execution environment.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill is described as monitoring and suggesting repairs, but it performs local command execution via `execSync`, including network/socket inspection and session-management commands. This mismatch is dangerous because users or higher-level agents may treat the skill as passive/observational while it actually executes privileged local actions, increasing the risk of unintended effects or abuse if the environment is hostile.

VirusTotal

66/66 vendors flagged this skill as clean.
