ClawHub

LibreNMS

Security checks across malware telemetry and agentic risk

Overview

This is a coherent read-only LibreNMS monitoring skill, with the main caution that it uses an API token and disables TLS certificate verification by default.

Install only if you trust the source and need LibreNMS monitoring from OpenClaw. Use a least-privileged read-only LibreNMS API token, keep the config file permission-restricted, prefer a valid HTTPS certificate, and remove the curl -k behavior if strict TLS validation works in your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Missing User Warnings

Low
Confidence
85% confidence
Finding
This markdown file describes storing credentials and making REST API calls, but it does not include a user-facing warning about the privacy/security implications of transmitting infrastructure data and bearer-style API authentication to a remote service. Although the skill is read-only, the documented behavior still affects privacy and system security context and should be disclosed.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- This skill is **read-only** — no device modifications are possible
- API token is stored locally in `~/.openclaw/credentials/`
- The script uses `-k` flag for curl to accept self-signed certificates (common in LibreNMS)
- Restrict file permissions on config.json: `chmod 600 config.json`

## Troubleshooting
Confidence
80% confidence
Finding
chmod 600

Session Persistence

Medium
Category
Rogue Agent
Content
brew install curl jq         # macOS
   ```

3. Create configuration file:
   ```bash
   mkdir -p ~/.openclaw/credentials/librenms
   cat > ~/.openclaw/credentials/librenms/config.json << EOF
Confidence
60% confidence
Finding
Create configuration file: ```bash mkdir -p ~/.openclaw/credentials/librenms cat > ~/.openclaw/credentials/librenms/config.json << EOF { "url": "https://librenms.example.com", "a

Session Persistence

Medium
Category
Rogue Agent
Content
## Configuration

Create `~/.openclaw/credentials/librenms/config.json`:
```json
{
  "url": "https://librenms.example.com",
Confidence
60% confidence
Finding
Create `~/.openclaw

Session Persistence

Medium
Category
Rogue Agent
Content
## Troubleshooting

**"Config file not found"**
Create `~/.openclaw/credentials/librenms/config.json` or set env vars.

**"API returned HTTP 401"**
Check your API token. Generate a new one in LibreNMS under Settings → API.
Confidence
60% confidence
Finding
Create `~/.openclaw

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- This skill is **read-only** — no device modifications are possible
- API token is stored locally in `~/.openclaw/credentials/`
- The script uses `-k` flag for curl to accept self-signed certificates (common in LibreNMS)
- Restrict file permissions on config.json: `chmod 600 config.json`

## Troubleshooting
Confidence
60% confidence
Finding
curl to accept self-signed certificates (common in LibreNMS) - Restrict file permissions on config.json: `chmod 600 config.json` ## Troubleshooting **Authentication Failed (HTTP 401)** - Verify your

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal