Uptime Monitoring with Encrypted Energy - Know the second your OpenClaw agent goes silent

Security checks across malware telemetry and agentic risk

Overview

This is a real uptime-monitoring skill, but it sends richer OpenClaw operational telemetry to a third party every minute and installs persistent cron execution with an inline API key.

Review before installing. Use it only if you are comfortable sending recurring OpenClaw health/status telemetry to encryptedenergy.com. Store the API key outside the crontab where possible, check exactly what fields are sent, and make sure you know how to remove the cron job and rotate the token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions, yet it instructs the user to install and run shell-based automation via cron and a bash script. That creates an execution capability and outbound network behavior that is not transparently declared, reducing informed consent and making review harder.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The description frames the skill as a simple heartbeat monitor, but the documented behavior sends the output of `openclaw health --json` and `openclaw status --json` to a third party. That likely includes materially more telemetry than a basic liveness check, such as environment, service state, metrics, and usage details, creating a hidden data-exfiltration risk.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The comments materially understate what is being collected and sent off-host. Although the script says sensitive data is intentionally left out, the payload includes host identity, platform, channel state, task/runtime details, session/token usage, update metadata, and heartbeat configuration, all of which can expose operational topology and usage patterns to a third party. The issue is not merely the presence of an API key in the environment, but the misleading assurance that can cause operators to deploy the script without informed consent about telemetry scope.

Session Persistence

Medium
Category
Rogue Agent
Content
3. Schedule the ping via the user's system crontab. The gateway is **not** involved at run time — `ping.sh` is pure bash + curl, so don't route it through `openclaw cron add`:

   ```
   ( crontab -l 2>/dev/null; echo "* * * * * PATH=$HOME/.npm-global/bin:/usr/local/bin:/usr/bin:/bin ENCRYPTED_ENERGY_API_KEY=<paste-token> bash {baseDir}/scripts/ping.sh >/dev/null 2>&1" ) | crontab -
   ```

   The `PATH=$HOME/.npm-global/bin:…` prefix is required — `ping.sh` calls `openclaw health --json` and `openclaw status --json`, and crontab's default PATH won't find the openclaw binary. Adjust the PATH if openclaw lives elsewhere (run `which openclaw` to confirm).
Confidence
82% confidence
Finding
crontab -l

VirusTotal

66/66 vendors flagged this skill as clean.
