Monitor

Security checks across malware telemetry and agentic risk

Overview

This monitoring skill is mostly transparent, but it allows recurring user-defined shell commands without clear guardrails, which users should review carefully before installing.

Install only if you are comfortable reviewing every custom command before enabling it. Prefer built-in http, ssl, disk, process, and port checks; avoid custom commands unless you fully trust the command and understand it may run repeatedly with the agent's local privileges. Use trusted webhook destinations and avoid putting secrets or sensitive internal hostnames in monitor names, logs, or alert messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding
The template explicitly supports a `custom` check where the agent runs a user-provided command, which creates arbitrary command execution capability on the local system. While a monitoring skill may need extensibility, exposing raw command execution without constraints, validation, sandboxing, or prominent warnings substantially expands the skill from monitoring into general code execution and can be abused to run destructive or data-exfiltrating commands.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding
The skill explicitly persists monitor definitions, configuration, and logs under ~/monitor/ but does not prominently warn users that local files will be created and may contain sensitive targets, operational metadata, or check results. In a monitoring context, this can expose endpoint inventory and status history to other local users, backups, or unintended processes if the storage path and permissions are not handled carefully.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill documents sending full alert payloads to a user-provided webhook URL with no restrictions, validation guidance, or privacy warning. Because alert payloads can contain monitor names, outage details, and possibly sensitive operational context, this creates a real data exfiltration and privacy risk if users configure untrusted or mistyped endpoints.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The file states that the user provides the command and the agent runs it, but gives no warning that this may invoke shell execution or alter the local system. In an agent setting, users may supply commands directly or indirectly through prompts, so lack of safety guidance and execution constraints increases the risk of command injection, destructive actions, credential access, or persistence on the host.

VirusTotal

64/64 vendors flagged this skill as clean.