Heartbeat Ollama Guard

Security checks across malware telemetry and agentic risk

Overview

This skill clearly does what it advertises: switches OpenClaw heartbeat traffic to local Ollama and installs a local guard, with notable but disclosed persistence and configuration-change behavior.

Install only if you want a background user-level service enforcing the local Ollama heartbeat setting. Review the listed OpenClaw instances during setup, keep the backups, prefer safer Ollama installation methods over curl-to-shell, and use --uninstall or update heartbeat-guard.conf.json before making later heartbeat model changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The generated README presents a misleading security claim: it says there is no external API access, while the documented setup process explicitly includes downloading/installing Ollama and automatically pulling a model from the network. Misrepresenting network behavior can cause users to make unsafe trust decisions, especially in a security-sensitive skill that modifies local configuration and installs persistent components.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The description advertises broad capabilities such as automatically reconfiguring all instances, polling every 60 seconds, rolling back changes, and deploying persistent services, but it does not define clear trigger conditions, scope limits, or authorization boundaries. For a skill that changes configuration and installs a LaunchAgent/system service, this ambiguity increases the risk of unintended execution, overreach, or abuse of privileged persistence behavior.

External Script Fetching

High

Category: Supply Chain
Content: p2 = doc.add_paragraph(style="List Bullet") p2.add_run("Linux：").bold = True p2.add_run(" curl -fsSL https://ollama.com/install.sh | sh") doc.add_paragraph() doc.add_paragraph("第二步：运行安装向导")
Confidence: 95% confidence
Finding: curl -fsSL https://ollama.com/install.sh | sh

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal