ClawHub

Config Diagnose

Security checks across malware telemetry and agentic risk

Overview

This is a real configuration-diagnosis skill, but it can expose sensitive local details and token fragments during normal use.

Install only if you are comfortable with a diagnostic tool inspecting local environment variables, OpenClaw paths, running processes, ports, and network reachability. Before use, patch it to fully redact API keys, narrow /root file searches to an explicit user-approved path, and keep heartbeat monitoring disabled unless you deliberately configure it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The API diagnostic enumerates several secret-bearing environment variables and prints the first 10 characters of any value found. Even partial token disclosure materially increases exposure risk, and the broad enumeration goes beyond what is minimally necessary for troubleshooting a single reported issue.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The file diagnostic performs a wildcard search across /root, which can reveal the existence and locations of unrelated sensitive files outside the user's immediate troubleshooting scope. Because the filename is user-controlled, this creates an overly broad discovery capability under a privileged directory.

Context-Inappropriate Capability

Low
Confidence
80% confidence
Finding
The skill diagnostic can list all installed skills under the workspace, exposing system/tooling inventory beyond the needs of diagnosing one skill. Inventory disclosure is lower severity, but it can still aid reconnaissance by revealing available capabilities and environment structure.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad enough to match ordinary conversation, increasing the chance that diagnostics run unintentionally. Because the skill can inspect environment variables, files, services, and network state, accidental invocation can expose sensitive system details or produce side effects without clear user intent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Using ambiguous phrases like '不工作' as activation criteria makes the skill easy to trigger from generic troubleshooting dialogue. In this context, the ambiguity is risky because the tool is capable of collecting potentially sensitive operational data well beyond simple conversational assistance.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes automatic diagnostics over environment variables, file searches, network tests, and service checks, but does not warn users that these actions may inspect sensitive local state or contact external systems. Missing privacy and impact disclosures undermines informed consent and can lead to inadvertent exposure of secrets, filenames, topology, or service status.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The '完整诊断' and proactive monitoring sections introduce broad inspection and unsolicited alerting without clearly informing users that the system may be periodically checked and may emit alerts autonomously. In a diagnostic skill, this changes the trust model from on-demand assistance to ongoing monitoring, which can surprise users and leak operational information through notifications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Displaying the presence and partial values of API credentials directly in output leaks sensitive information into terminal history, logs, and screenshots. Partial secrets are often enough to aid token identification, correlation, or social engineering, especially when multiple providers are enumerated together.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal