ClawHub

System Maintenance

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real maintenance skill, but it is incomplete and asks for powerful local actions like file deletion, service restarts, installers, and cron persistence without enough safeguards.

Review carefully before installing. Do not run the one-click setup, restore command, service restart, cleanup, or cron installation on a real machine until the missing scripts are present and audited at a pinned version. Back up your crontab and OpenClaw data first, test in an isolated environment, and ask the publisher for a complete package with dry-run/confirmation behavior and a clear cron removal command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation clearly instructs users to run shell commands and shell scripts, but there is no declared permission model or explicit disclosure that shell execution is required. This matters because the skill performs system-level maintenance actions, and users may not realize it can modify local state, scheduled tasks, and services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior goes beyond a generic 'maintenance system' and includes destructive cleanup, localhost service probing, cron persistence, filesystem inspection, and install/restore operations. Even if these actions are operationally related, the mismatch and incomplete/stray behavior reduce transparency and can conceal risky side effects from users reviewing the skill at a high level.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill creates a persistent cron job that will execute maintenance code daily, which expands its effect from on-demand maintenance into ongoing autonomous execution. Persistence is security-relevant because it changes system state long-term and can continue running code after the initial invocation, increasing risk if the script is modified or behaves unexpectedly.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The entrypoint is presented as a maintenance CLI, but it also installs a separate maintenance system by executing another shell script. That is a capability expansion into deployment/system modification, which is dangerous because users invoking a maintenance tool may not expect software installation or broader filesystem changes.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The overview promotes automated cleanup, auto-recovery, backup, rollback, and optimization benefits without warning that these operations may delete files, restart services, or change system state. In a maintenance skill, such omissions increase the chance that a user runs impactful commands without understanding downtime or data-loss risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The 'one-click setup' instruction encourages immediate execution of an installation script without clearly stating that it may alter cron, permissions, configuration, and local files. This is dangerous because installation scripts are high-trust entry points and can create persistence or broad system changes in a single step.

Missing User Warnings

High
Confidence
95% confidence
Finding
A force restore from the latest backup can overwrite current state and potentially roll back good data, configuration, or operational changes. Presenting this as an emergency command without an overwrite warning or recovery caveats creates a significant risk of accidental disruption or data loss.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documented restart command uses process termination followed by service start, which can interrupt active workloads or terminate unintended matching processes. Without a warning, users may invoke it in production and cause avoidable downtime.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The quick cleanup path performs irreversible file deletion through shell commands without confirmation, preview, or safeguards beyond filename patterns and age checks. Destructive operations on shared locations like /tmp can remove files unexpectedly, especially if naming collisions occur or the environment differs from assumptions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code modifies the user's crontab without an interactive confirmation or strong warning that persistent scheduled execution is being installed. Silent persistence is dangerous because it creates ongoing code execution and may be overlooked by users who only intended a one-time maintenance action.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal