Monitor Alert - Automaton Edition

Security checks across malware telemetry and agentic risk

Overview

This is mostly a health-monitoring skill, but it includes under-disclosed local workspace inspection and persistent edits to agent session state.

Install only if you are comfortable with a monitoring skill that reads local OpenClaw workspace state and can edit SESSION-STATE.md. Review or disable token-monitor.js unless you specifically want token-budget status persisted into future agent session context.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 88% confidence
Finding: The skill’s documented purpose is limited to system health monitoring and alerting, but the finding indicates it also scans unrelated skill directories and modifies SESSION-STATE.md. Undocumented filesystem inspection and state mutation expand the skill’s effective privileges and can create integrity and privacy risks, especially if operators invoke it expecting read-only monitoring behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal