Server Monitor Collector

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed server monitoring/reporting tool that uses configured credentials to collect metrics, write reports, and optionally email them.

Install only in an environment where collecting and storing infrastructure metrics is acceptable. Use least-privilege monitoring/API credentials, protect the .env file, verify SMTP_HOST and TARGET_EMAIL before scheduling, and avoid sending reports to external recipients unless that is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill uses powerful capabilities in practice (reading secrets from environment variables, writing reports to disk, and sending data over the network) but does not declare corresponding permissions. This creates a transparency and consent problem: users may run the skill without realizing it can access credentials and exfiltrate monitoring data to external endpoints such as Feishu, SMTP, Zabbix, Prometheus, or cloud APIs.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The Huawei token helper advertises AK/SK-based authentication but never uses the secret key, which means the authentication flow is incorrect and security assumptions in the code are false. This can cause broken authentication, misbinding to the wrong identity model, and accidental use of an access key in URL paths or requests where a project ID or signed credential should be used instead.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly supports sending generated monitoring reports via email or Feishu, yet the description does not prominently warn that server and cloud monitoring data may be transmitted to external destinations. This is dangerous because operational metadata, hostnames, IPs, utilization metrics, and group structure can be sensitive and users may unknowingly disclose them outside their environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document states that cloud-provider integrations become active automatically once credentials are added to .env, but it does not clearly warn that this enables outbound authenticated API access to external cloud services. In a monitoring/reporting skill, that behavior can surprise operators, expand the trust boundary, and lead to unintended data collection or external calls if credentials are added for another purpose.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script automatically emails detailed host monitoring data, including hostnames, IPs, and utilization metrics, to an externally configured recipient without any confirmation, recipient allowlisting, or data-minimization controls. In a monitoring/cron context this creates a real data exfiltration risk if environment variables are misconfigured, compromised, or pointed to an unintended external address.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The script persists collected infrastructure inventory and performance data to CSV/XLSX files under ~/.hermes/cron/output without any retention policy, permission hardening, or operator warning. While local persistence is expected for reporting, these files can expose sensitive operational data to other local users, backups, or later compromise if left unprotected.

VirusTotal

66/66 vendors flagged this skill as clean.
