ClawHub

Mission Control

Security checks across malware telemetry and agentic risk

Overview

The skill is a mostly transparent monitoring helper, but it exposes sensitive host details and can restart arbitrary system services with sudo, so it needs review before installation.

Install only if you want a Linux/OpenClaw host-monitoring helper and trust the agent with local process, service, port, cron, and log visibility. Avoid broad passwordless sudo for this skill; require explicit human approval for restarts, and consider editing the script or sudoers policy so only known OpenClaw services can be restarted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script advertises itself as a health/status aggregator, but it also exposes a restart command that changes system state and invokes privileged service control. In an autonomous-agent setting, this expands the skill from read-only observability into operational control, increasing the chance of unintended or unauthorized disruption.

Context-Inappropriate Capability

Low
Confidence
79% confidence
Finding
Enumerating listening ports together with owning processes reveals network exposure and service topology beyond basic health reporting. While not directly destructive, this information can aid reconnaissance by identifying reachable services and associated processes on the host.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation guidance uses broad phrases like general system-status requests, which can cause the skill to activate in contexts the user did not intend. For a skill that can inspect processes, services, logs, cron jobs, and potentially restart services, over-broad triggering increases the chance of unintended sensitive enumeration or escalation into operational actions.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The example trigger phrases are highly generic and encourage automatic use for common operational language, which can lead to unnecessary collection of host details and service metadata. In this skill's context, that is more dangerous because the same toolchain also exposes logs, ports, cron configuration, and restart capabilities, so accidental activation has meaningful security consequences.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The logs command returns recent journal or application logs without sanitization or warning, and logs commonly contain secrets, tokens, internal paths, prompts, and user data. In an agent context, exposing raw logs can leak sensitive operational data to an untrusted requester or downstream system.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The restart action performs a disruptive system change without confirmation, dry-run support, or warning in the interface. In an autonomous or tool-using environment, a mistaken invocation could interrupt critical services and cause downtime or cascading failures.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal