CC3PO System Healthcheck

Security checks across malware telemetry and agentic risk

Overview

This skill is a local system health monitor, and its broader host checks are consistent with that purpose when users knowingly enable them.

Install this only if you want an OpenClaw health-check skill that can inspect local host status. Before enabling the crontab examples, review the schedules and log paths, and be aware that the daily audit checks package-update status and estimates temp/cache directory sizes.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The script goes beyond a narrow workspace health check by enumerating OS package updates and later scanning global temporary directories like `/tmp` and `/var/tmp`. In an agent skill, that broader host inspection can violate least-privilege expectations, expose environmental metadata, and make the skill more invasive than its declared purpose suggests.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal