System Monitor Pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent system-monitoring skill, but its remote SSH mode is unsafe enough to require review before installing.

Review this skill carefully before installing. It is suitable only if you are comfortable with local system inspection and shell-based monitoring. Avoid using `--remote` until the implementation validates the host value, uses safe argument passing instead of shell interpolation, and preserves SSH host key verification; remote targets should be explicit, trusted hosts only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium, 98% confidence
The remote monitoring path invokes SSH with `StrictHostKeyChecking=no`, which disables host identity verification and makes man-in-the-middle interception or silent redirection to an attacker-controlled host much easier. In this skill, the SSH session is not just a transport for information: it executes multiple shell commands remotely, so trusting the wrong host can expose system metadata and cause the tool to run its commands in an attacker-influenced context.

Vague Triggers

Medium, 93% confidence
The trigger list includes very generic phrases such as "monitor," "dashboard," and "health check," which are common in normal conversations and can cause the skill to activate when the user did not intend to invoke it. Because this skill can expose detailed system state and supports remote monitoring, accidental activation increases the chance of unintended disclosure of local or remote operational data.

Vague Triggers

Medium, 91% confidence
The usage section repeats the same ambiguous invocation phrases without clarifying scope or requiring explicit consent, reinforcing accidental activation behavior. In a monitoring skill, this matters because a casual request like "monitor" or "dashboard" could trigger collection and display of sensitive host, quota, cron, or gateway status information.

Missing User Warnings

Medium, 88% confidence
The skill advertises SSH-based remote monitoring but provides no warning that using `--remote` accesses data from another machine and may reveal sensitive operational details. In combination with broad triggers, this raises the risk that users invoke remote inspection without understanding the scope of access or the sensitivity of the returned information.

Missing User Warnings

Medium, 92% confidence
The skill accepts a `--remote` target and then transparently executes a series of shell commands over SSH without any confirmation, warning, or clear disclosure at the moment of use. In a monitoring skill this is more sensitive than a local read-only dashboard because it crosses a trust boundary to another machine and may surprise users into contacting unintended hosts or exposing remote environment details.

VirusTotal

64/64 vendors flagged this skill as clean.
