ClawHub

Session Health Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly local and related to context monitoring, but it includes an under-documented setup script that changes Claude settings to run a statusline script in future sessions.

Install only if you are comfortable with local session facts being written to memory files. Review any facts before snapshotting secrets, set MEMORY_DIR deliberately, and do not run scripts/setup-statusline.sh unless you accept changes to ~/.claude/settings.local.json and know how to revert from the backup it creates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The skill's stated behavior does not fully match the described implementation: it claims Telegram threshold warnings, but the file only instructs agents to append footers and references external scripts/tools that are not shown here. More importantly, the described behavior includes modifying local config/state outside the advertised scope, which can surprise operators and weaken trust boundaries around agent skills.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The installer writes to ~/.claude/settings.local.json and changes the statusLine command without any interactive confirmation or dry-run step. Although this is framed as a convenience installer, silently modifying a user's agent configuration can unexpectedly alter behavior and create persistence for a script execution path under the user's account.

Session Persistence

Medium
Category
Rogue Agent
Content
session_id="${session_id:-unknown}"
state_file="/tmp/session-health-${session_id}.json"

# Load previous state
prev_pct=0
compactions=0
if [[ -f "$state_file" ]]; then
Confidence
94% confidence
Finding
Load previous state

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal