Lu Nas Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a visible, instruction-only NAS monitoring skill with expected Docker and system checks plus optional Telegram alerts.

Install only if you want the agent to help inspect NAS Docker and system status. Keep routine monitoring read-only, approve any service restart explicitly, and avoid sending secrets, detailed logs, hostnames, or internal service details through Telegram unless that third-party notification path is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
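The documentation gives the restart command "docker-compose restart" directly, without emphasizing that it interrupts running services and may cause brief unavailability or an unexpected outage. If the agent adopts this command without confirmation, the user may suffer avoidable service downtime.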

Missing User Warnings

Medium
Confidence
91% confidence
Finding
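The example shows a Telegram Bot Token and Chat ID being used to send alerts to an external service, but it does not warn that these are credentials, nor does it state that external data transmission will occur. This may lead users to embed sensitive monitoring information or keys directly in scripts and send them to a third-party platform, increasing leakage and compliance risk.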

External Transmission

Medium
Category
Data Exfiltration
Content
```
TELEGRAM_CHAT_ID="你的 Chat ID"

# Send alert
curl -s "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
  -d "chat_id=${TELEGRAM_CHAT_ID}&text=⚠️ NAS 告警:容器异常"
```
Confidence
90% confidence
Finding
curl -s "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```
TELEGRAM_CHAT_ID="你的 Chat ID"

# Send alert
curl -s "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
  -d "chat_id=${TELEGRAM_CHAT_ID}&text=⚠️ NAS 告警:容器异常"
```
Confidence
90% confidence
Finding
https://api.telegram.org/

VirusTotal

64/64 vendors flagged this skill as clean.
