Driftwatch

Security checks across malware telemetry and agentic risk

Overview

Driftwatch is a disclosed local workspace-health scanner. The main privacy consideration is that its local reports and history files can reveal workspace details.

Install if you want a local scanner for OpenClaw bootstrap health. Treat generated HTML reports and saved history as private diagnostics, review them before sharing in chat or with teammates, and enable --save or cron monitoring only if you want ongoing local records under ~/.driftwatch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 93%
Finding
The README advertises generic trigger phrases like "scan my config" and "analyze my workspace," which are broad enough to overlap with ordinary user requests unrelated to this specific skill. In an agentic environment, this can cause unintended invocation on sensitive workspace content, leading to over-broad file inspection or surprising behavior even though the skill's stated purpose is benign.

Vague Triggers

Medium
Confidence: 78%
Finding
The invocation text is broad enough to auto-trigger on almost any question about workspace health or config status. Over-broad activation increases the chance the skill runs unexpectedly, causing unnecessary filesystem scanning and artifact creation in contexts where the operator did not explicitly request it.

Missing User Warnings

Medium
Confidence: 81%
Finding
When --save is used, the script persists a report containing the absolute workspace path and detailed analysis results into ~/.driftwatch/history without a strong user-facing disclosure of the sensitivity of that metadata. On shared systems or in environments with backups/sync tooling, these history files can unintentionally reveal project names, filesystem layout, and potentially sensitive operational findings over time.

VirusTotal

66/66 vendors flagged this skill as clean.
