ClawHub
Back to skill

Security audit

Server Health Cn

Security checks across malware telemetry and agentic risk

Overview

This is a small server-health reporting skill that runs expected local read-only diagnostics, but it includes visible promotional and affiliate links users should notice.

Install only if you are comfortable with the agent running local read-only Linux diagnostics and showing process/port summaries. Treat the RackNerd, moomoo, and King AI Works links as ads, not security recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
77% confidence
Finding
Embedding sponsored links and affiliate-style advertisements inside an operational skill creates a trust-boundary problem: users invoking a system-reporting skill may receive unrelated commercial recommendations influenced by the author rather than the user's security interests. In security-sensitive contexts, this can steer users toward external services without verification and normalize hidden monetization inside privileged tooling.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to capture many ordinary server-related questions, increasing the chance that the skill activates when the user wanted general troubleshooting rather than command-based host inspection. In an agent environment, overbroad activation can cause unnecessary execution of local system commands and disclosure of sensitive host state such as processes, ports, and resource usage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.