Log Collector

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cluster log collector, but it needs review because it continuously collects sensitive logs from all configured nodes over SSH while bypassing SSH host key verification.

Install only if you intentionally want continuous cluster-wide log collection. Before enabling it, restrict the nodes database to approved systems, use dedicated least-privilege SSH credentials, remove StrictHostKeyChecking=no, protect logs.db, add redaction or exclusions for secrets, and document how to disable the cron job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
logs_collected = []
for cmd in log_commands:
    result = subprocess.run(
        ['ssh', '-o', 'ConnectTimeout=10', '-o', 'StrictHostKeyChecking=no',
         f'openclaw@{vpn_ip}', cmd],
        capture_output=True, text=True, timeout=30
Confidence
97% confidence
Finding
result = subprocess.run( ['ssh', '-o', 'ConnectTimeout=10', '-o', 'StrictHostKeyChecking=no', f'openclaw@{vpn_ip}', cmd], c

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly describes shell execution via cron, SSH access to multiple nodes, and writing to a central database/log directory, yet the metadata does not declare these capabilities in a structured, user-visible permission model. This is dangerous because it obscures the real operational reach of the skill—remote command execution, centralized log harvesting, and data persistence—reducing informed consent and making abuse or over-privileged deployment more likely.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
Disabling SSH host key verification defeats one of SSH's core security guarantees by allowing silent trust of unknown or changed host identities. Because this agent periodically connects to many nodes and pulls potentially sensitive logs, a network attacker or rogue VPN participant could impersonate a node and receive or influence collected data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description says the agent permanently collects logs and history from all nodes over SSH/VPN and stores them centrally, but it does not prominently warn that this may capture sensitive operational data, user activity, secrets in logs, or command history across the cluster. Centralized collection materially increases blast radius: compromise of the collector or logs.db could expose data from every node rather than one system.

VirusTotal

66/66 vendors flagged this skill as clean.
