LuLu Monitor

Security checks across malware telemetry and agentic risk

Overview

This firewall helper has a coherent purpose, but it installs persistent unpinned remote code and can let AI-driven actions change firewall rules.

Review the GitHub repository and npm dependencies before installing. Keep auto-execute disabled unless you accept automatic firewall changes, prefer temporary allow/block actions over permanent rules, and remove the LaunchAgent and Accessibility permission when you no longer need the monitor.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The auto-execute feature allows an AI to automatically approve firewall prompts, reducing the user's opportunity to review outbound connections. Because firewall decisions directly affect network trust boundaries, a mistaken classification could silently permit malicious or unexpected traffic, weakening host protections.

Missing User Warnings

Medium
Confidence: 89%
Finding
The installer silently creates and loads a user LaunchAgent that runs on login and stays alive, which establishes persistence without an explicit confirmation step or prominent warning. In an installer this may be functional, but it is still security-relevant because it causes long-lived background execution and could surprise users or be abused if the repository contents are later changed.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script performs `git clone`/`git pull` and `npm install --production`, which download and execute untrusted remote code and package lifecycle scripts, yet it does not present a safety warning or integrity verification. This is dangerous because a compromised repo, dependency, or upstream account can turn installation into arbitrary code execution on the user's machine.

VirusTotal

65/65 vendors flagged this skill as clean.
