Skill v2.0.0
ClawScan security
Windows System Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 16, 2026, 3:48 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description claims to monitor Windows systems, but the runtime instructions reference local scripts, report files, and external notifications (Feishu) while declaring no binaries, files, or credentials — those gaps are inconsistent and warrant caution.
- Guidance: Do not install or run this skill without further information. The SKILL.md references a Python script (tools/windows_system_monitor.py), report files, and Feishu notifications, but the package contains no code, no listed binaries, and no credentials. Before using: (1) request the actual monitoring script and inspect its source to ensure it only reads (not modifies) and does not exfiltrate data; (2) confirm what binaries are required (e.g., python) and that they are safe; (3) require explicit declaration of notification credentials (Feishu webhook) and verify the endpoint; (4) if you must test, run it in a sandboxed Windows VM with no sensitive data and limited network access. The current mismatch between claimed behavior and declared requirements is a red flag — treat this as potentially unsafe until the missing pieces are provided and reviewed.
Review Dimensions
- Purpose & Capability (concern): The stated purpose (Windows system monitoring) legitimately needs access to Python or monitoring tools, event logs, and a notification channel. However, the skill declares no required binaries, no included code, and no credentials, which is inconsistent: it references tools/windows_system_monitor.py and reports/windows_system_check.json that are not present in the package.
- Instruction Scope (concern): SKILL.md instructs running a local Python script, reading a report file, checking Windows event logs, processes, and network connections, and then sending notifications. Those instructions involve reading local system state and potentially sensitive logs, but the skill gives no safe boundaries, no explicit commands for collecting only necessary fields, and no included scripts to inspect — the agent would be told to act on files that don't exist in the bundle and to access system resources without declared limits.
- Install Mechanism (note): Having no install spec (instruction-only) is the lowest-risk option in terms of writing code to disk. But SKILL.md depends on an external Python script and report files that are not bundled; this mismatch increases risk because the runtime behavior depends on external artifacts that the package does not provide or declare.
- Credentials (concern): The instructions require sending notifications via Feishu and performing system-level reads, which normally need a webhook/token and appropriate OS privileges. The skill declares no required environment variables or credentials (no Feishu webhook, no choice of primary credential), which is disproportionate and unexplained.
- Persistence & Privilege (ok): The skill does not request always:true and does not claim autonomous persistent presence. It is user-invocable only, which is appropriate for this kind of tool. There is no indication it modifies other skills or agent config.
