Data Sentinel Pro

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its webpage-monitoring purpose, but its dependency manifest creates a supply-chain risk that should be reviewed before installation.

Review this version before installing. Confirm how OpenClaw resolves package.json dependencies; if it installs from npm, do not install until beautifulsoup4 is removed or replaced with a verified Python dependency path and exact pinned versions. Use dedicated Telegram/email credentials, monitor only pages you are authorized to watch, and add cron entries only when you intentionally want ongoing checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and instructs use of network access, local file writes, and local file reads via monitor scripts and storage paths, but it does not declare any permissions or capability boundaries. This creates a transparency and consent problem: a user or platform may invoke a skill that performs persistent monitoring, external requests, and credential-backed notifications without an explicit permission model.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The script reads a global user configuration file and reuses Telegram credentials to send outbound notifications without clear isolation or explicit per-run consent. While notifications are related to monitoring, pulling secrets from a broader user config expands the skill's privilege scope and creates a channel for exfiltration or unauthorized messaging if the skill is modified or abused.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation phrases are broad natural-language requests such as monitoring a page or watching a product, which could match ordinary conversation and trigger the skill unintentionally. Because this skill performs recurring network checks, stores task state locally, and may send notifications, accidental activation has more consequence than a read-only informational skill.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"test": "python -m pytest tests/"
  },
  "dependencies": {
    "requests": "^2.31.0",
    "beautifulsoup4": "^4.12.0",
    "lxml": "^5.1.0"
  },
Confidence
86% confidence
Finding
"requests": "^2.31.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "dependencies": {
    "requests": "^2.31.0",
    "beautifulsoup4": "^4.12.0",
    "lxml": "^5.1.0"
  },
  "devDependencies": {
Confidence
90% confidence
Finding
"beautifulsoup4": "^4.12.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "requests": "^2.31.0",
    "beautifulsoup4": "^4.12.0",
    "lxml": "^5.1.0"
  },
  "devDependencies": {
    "pytest": "^8.0.0"
Confidence
84% confidence
Finding
"lxml": "^5.1.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"lxml": "^5.1.0"
  },
  "devDependencies": {
    "pytest": "^8.0.0"
  },
  "python": ">=3.9",
  "author": "Anson <ai.agent.anson@qq.com>",
Confidence
80% confidence
Finding
"pytest": "^8.0.0"

Known Vulnerable Dependency: beautifulsoup4==4.12.0 — 1 advisory(ies): MAL-2025-3615 (Malicious code in beautifulsoup4 (npm))

High
Category
Supply Chain
Confidence
97% confidence
Finding
beautifulsoup4==4.12.0

VirusTotal

66/66 vendors flagged this skill as clean.
