ClawHub

BotLearn Healthcheck

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OpenClaw health-check skill, but it can trigger broad local diagnostics too easily and collect sensitive system data without a clear upfront consent step.

Review before installing. Use this skill only if you are comfortable with an agent inspecting broad OpenClaw local state, including configs, logs, identity-related directories, security diagnostics, heartbeat files, and workspace metadata. Prefer targeted checks, review generated reports for sensitive paths or local details, and do not approve fix commands unless you understand both the command and rollback plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill includes fix execution capability, which moves it from passive inspection into active system modification. Even with a confirmation requirement, this substantially increases risk because a broad-triggered diagnostic skill could propose and execute destructive, unsafe, or over-privileged commands on the host.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger set contains broad everyday phrases like 'diagnose', 'doctor', 'what's wrong', and 'fix my setup', making accidental activation more likely. In this skill's context, unintended activation is more dangerous because it initiates extensive system data collection and may later guide or execute fixes.

Vague Triggers

Medium
Confidence
94% confidence
Finding
Allowing Full Check on a 'general query' is ambiguous and can cause the skill to run when the user did not intend a diagnostic workflow. Because Full Check performs broad host inspection across configs, logs, identity, memory, and security state, accidental invocation can expose sensitive local information and expand attack surface.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs autonomous collection of extensive local data, including logs, config files, identity directories, workspace files, and security-related artifacts, without a clear upfront consent or privacy warning. This is dangerous because users may trigger it without understanding the breadth of filesystem and environment access involved.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal