server-log-analysis

Security checks across malware telemetry and agentic risk

Overview

This is a coherent remote log-analysis skill, but it asks the agent to use SSH-style server access and ships a root/password connection template while also retaining downloaded logs locally.

Install only if you understand and control the target server access. Replace the sample connection with a least-privileged SSH account, do not put real plaintext passwords in config.yaml, verify the log paths and time window before running, and clean up downloaded logs after analysis.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

If a user replaces these placeholders with real credentials, the agent could gain broad server access and the credentials could be stored in the skill directory.

Why it was flagged

The shipped configuration includes a root SSH username and plaintext password field. The values appear placeholder-like, but this is a high-privilege credential pattern for a task that should normally only need read access to logs.

Skill content
connections:
  default-server:
    host: hostname
    port: 22
    username: root
    password: password
Recommendation

Use a least-privileged SSH account with read-only log access, prefer SSH keys or environment/key-manager references, and avoid storing real passwords in config.yaml.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent may connect to remote servers, inspect files or service status, and copy log data when the user asks for server log diagnosis.

Why it was flagged

The skill directs the agent to use SSH or equivalent remote tools and download log snippets. This is expected for the stated purpose, and the instructions try to minimize scope.

Skill content
4. Connect to the target server via SSH or an available remote tool
5. Perform remote checks before downloading...
6. Download only the minimum necessary log snippets to the local `temp/` directory set in the configuration
Recommendation

Confirm the target host, service, time window, and log paths before use, and avoid granting write or restart privileges unless specifically needed.

ASI06: Memory and Context Poisoning
Low
What this means

Sensitive log fragments may remain on the local machine after analysis and could be reused, exposed, or inspected later.

Why it was flagged

The skill saves downloaded logs locally and preserves them by default. This is disclosed and scoped, but logs can contain sensitive operational, user, or token data.

Skill content
local_temp_dir: temp/server-log-analysis
max_download_mb_per_file: 50
prefer_remote_filter: true
preserve_downloads: true
Recommendation

Review downloaded files, delete them when no longer needed, and avoid pulling logs that contain secrets or personal data unless necessary.