ClawHub

Rpi Cpu Monitor

Security checks across malware telemetry and agentic risk

Overview

This CPU monitor is understandable, but it sets up persistent scheduled execution and reads a local OpenClaw gateway token from a hard-coded path to send authenticated alerts.

Install only if you understand and accept that this skill may add a cron job and use your local OpenClaw gateway token to post alerts. Before installing, replace the hard-coded token path with your own explicit configuration, prefer a narrowly scoped alerting token or unauthenticated local notifier, verify the cron entry, and know how to remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The example reads a bearer token directly from a fixed path in the user's home directory and uses it for an authenticated API call. Even though the goal is alerting, embedding credential access into a monitoring script expands the skill's privilege surface and normalizes unsafe secret handling that could expose or misuse the local gateway token.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script reads a bearer token from a local credential file and injects it into an HTTP request. Even though the purpose is alerting, this introduces credential access and use inside a monitoring script, expanding the blast radius if the script is modified, exposed, or run in an unexpected context.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions tell the user to run a script that reads a local bearer token and sends an authenticated request, but they do not warn that sensitive credentials are being accessed. This lack of disclosure undermines informed consent and increases the chance that users will deploy the script without understanding the security implications.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The script performs an authenticated POST to a local API endpoint without any visible consent, configuration gate, or disclosure in the file beyond a brief comment. Silent authenticated messaging can be abused for unintended actions or covert signaling, especially when paired with a locally read bearer token.

External Transmission

Medium
Category
Data Exfiltration
Content
TEMP_INT=${TEMP%.*}

if [ "$TEMP_INT" -gt 70 ]; then
  curl -s -X POST "http://localhost:3000/api/sessions/agent:main:main/message" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $(cat /home/weiye/.openclaw/gateway-token)" \
    -d '{"message":"⚠️ CPU温度过高: '${TEMP}'°C", "channel":"feishu"}'
Confidence
93% confidence
Finding
curl -s -X POST "http://localhost:3000/api/sessions/agent:main:main/message" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $(cat /home/weiye/.openclaw/gateway-token)" \

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal