平台监控助手 (Platform Monitoring Assistant)

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised platform monitoring and shows no evidence of hidden theft, destruction, or deceptive behavior, but users should understand its local storage and optional scheduled checks.

Install only if you want a local tool that makes periodic web requests, writes monitoring history/config files, and may add scheduled checks. Review any cron or Windows scheduled task before enabling it, avoid adding sensitive internal URLs unless intended, and delete the local config/history files if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The script accepts an arbitrary path via --import and reads that local file, then persists imported data into a user config file. It also exposes stored configuration and monitoring history through export functions, which expands the skill from simple platform monitoring into local file access and persistence; in an agent context, this can be abused to read unexpected local files or retain user-provided data without clear scope controls.

Vague Triggers

Medium
Confidence: 91%
Finding
Using a generic trigger like "帮助" ("help") can cause the skill to activate during unrelated conversations, leading to unexpected execution paths such as reading configs, generating files, or proposing scheduled actions. Over-broad activation increases the chance of unintended tool use and weakens user intent verification.

Vague Triggers

Medium
Confidence: 90%
Finding
Several triggers are broad and context-free, so ordinary user messages could accidentally invoke monitoring behavior. In a skill that can persist configuration and set up recurring tasks, accidental activation is more dangerous because it may lead to unintended state changes or background monitoring workflows.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill stores user-defined platform names and URLs in a local JSON file but does not prominently warn users before doing so. Persisting potentially sensitive internal endpoints, bot URLs, or service names without clear disclosure can leak operational details to other local users, tools, or backups.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill describes creating cron jobs for scheduled checks without prominently warning users that this establishes persistent automatic execution on the host. Silent or poorly disclosed task scheduling is dangerous because it creates long-lived behavior, can consume resources, and may be abused to maintain persistence or repeatedly access monitored targets.

Vague Triggers

Low
Confidence: 80%
Finding
Allowing an unconstrained custom_url broadens the skill from fixed-platform monitoring to arbitrary URL access, which can enable server-side request forgery behavior, internal network probing, or access to sensitive local/cloud metadata endpoints depending on the runtime environment. In a monitoring skill, this is more dangerous because arbitrary target checking is plausibly aligned with the advertised functionality, making misuse less likely to be noticed.

VirusTotal

64/64 vendors flagged this skill as clean.