Session Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a real Telegram session monitor, but it continuously forwards local agent transcripts and can run persistently, so users should review it carefully before installing.

Install only if you explicitly want continuous OpenClaw session activity sent to a trusted Telegram chat. Use a dedicated bot, a private chat, narrowly scoped AGENTS or SESSIONS_DIR values, and avoid monitoring sessions that may contain secrets or sensitive business data. Add the HEARTBEAT watchdog only if you want auto-restart behavior, and remove it when stopping the monitor.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list includes broad phrases like 'watch agent', 'what is the agent doing', 'observe agent', and 'live feed', which can match ordinary conversation rather than a deliberate request to deploy a persistent monitor. Because this skill starts ongoing transcript collection and external notification, accidental invocation materially raises privacy and operational risk.

Missing User Warnings

High
Confidence: 98%
Finding
The skill is designed for continuous monitoring of JSONL transcripts and transmission of formatted updates to Telegram, but the user-facing description does not present a clear privacy disclosure, consent boundary, or warning that session contents may be exfiltrated to a third-party service. This is dangerous because transcripts can contain prompts, tool outputs, secrets, personal data, and internal operational details, and the persistence/background nature makes the exposure ongoing.

Missing User Warnings

Medium
Confidence: 89%
Finding
The reference explicitly describes continuously forwarding session transcript content to Telegram, including user inputs, assistant messages, tool calls, and tool results, but it does not document any consent, warning, redaction, or data-classification safeguards. Because this skill is specifically designed as a persistent background monitor, the context increases the privacy risk: sensitive prompts, secrets, file contents, and operational metadata may be exfiltrated to an external messaging platform without users clearly understanding that their session data is being transmitted off-platform.

Missing User Warnings

Medium
Confidence: 91%
Finding
This code sends session-monitor content to Telegram, including message text and chat/message identifiers, without any visible consent, notice, or data-minimization controls in the sending path. In the context of a background agent-session monitor whose purpose is to 'watch', 'spy on', and push live activity, this creates a real privacy and exfiltration risk because potentially sensitive transcript data is transmitted to a third-party service continuously.

VirusTotal

37/37 vendors flagged this skill as clean.
