System Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local system monitoring skill, with the main caution that process output can reveal sensitive command-line details.

Install only if you are comfortable with the skill inspecting local system metrics. Avoid sharing JSON or process output publicly, since command lines can include secrets or internal paths, and stop `--watch` mode when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill documentation instructs users to run a Python script with shell access and implied filesystem reads, but the skill declares no permissions. That mismatch can hide the real execution capabilities from the platform and users, reducing reviewability and enabling unintended access to local system information such as process lists, disk layout, and other host metrics.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill goes beyond coarse system metrics and returns per-process details including usernames and command lines, which can reveal sensitive operational data, secrets passed on command lines, internal paths, and service names. In an agent setting, this broadens data exposure substantially beyond what many users would expect from a generic health monitor.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
Running `ps` to enumerate processes and full command lines adds a host-inspection capability that is more sensitive than generic CPU, memory, disk, and network monitoring. In practice, this can disclose credentials embedded in startup arguments, internal infrastructure details, and other process metadata that may aid lateral movement or reconnaissance.

Vague Triggers

Medium
Confidence: 76%
Finding
The activation language is broad enough to trigger on many generic server, uptime, performance, or health-report requests, which increases the chance the skill is invoked in contexts the user did not specifically intend. In combination with a skill that can execute shell commands and inspect host state, over-broad routing expands exposure and can lead to unnecessary disclosure of system information.

VirusTotal

64/64 vendors flagged this skill as clean.