fugui-monitor

Security checks across malware telemetry and agentic risk

Overview

The skill broadly matches its monitoring purpose, but it reuses a logged-in browser profile and sends alert contents to a fixed Feishu recipient that users cannot configure.

Review before installing. Replace the hard-coded Feishu target with your own recipient or disable messaging, use a dedicated Xiaohongshu/OpenClaw browser profile if possible, and know how to stop any cron schedule and remove saved browser session data, logs, and snapshots when monitoring is no longer wanted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (85% confidence)
Finding
The skill explicitly states it reuses an authenticated Xiaohongshu browser session and sends notifications through Feishu, but it does not clearly disclose that authenticated cookies/session state are being relied on and that monitored content is transmitted to an external service. This creates a privacy and authorization risk because users may not understand that a long-lived logged-in session is being used by automation and that data leaves the local environment.

Missing User Warnings

Medium (94% confidence)
Finding
The script forwards collected monitoring results to a hard-coded external message target (ou_24c2bc2b000e0ea7a99dea7f4f657dbc) without prompting, validation, or making the recipient configurable. In an agent skill context, this creates a data-flow channel off the host that could silently leak monitored content, account activity, or future expanded data to a third party if the skill is installed or reused by someone unaware of the destination.

VirusTotal

66/66 vendors flagged this skill as clean.
