System Healthcheck

Security checks across malware telemetry and agentic risk

Overview

This skill performs disclosed local health checks and scheduled monitoring, with no evidence of exfiltration, hidden persistence, or destructive behavior.

Install this only if you want local system and OpenClaw workspace monitoring. Review the cron entries before enabling them, and be aware that the daily audit checks system update status, process counts, and aggregate temp/cache directory sizes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill advertises no declared dependencies/permissions, but its documented behavior clearly relies on shell execution, environment access, and local file reads. That mismatch reduces transparency and consent for users and platforms, and can allow a monitoring skill to inspect more of the host than expected.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 94% confidence
Finding: The documented purpose is a simple console-only healthcheck, but the described behavior expands into broad host inspection, local configuration/locale file loading, and optional external package use despite claiming zero external dependencies. This overbroad and under-disclosed behavior is dangerous because users may install a seemingly harmless monitoring skill that performs deeper system enumeration than they reasonably expect.

Description-Behavior Mismatch

Medium

Confidence: 84% confidence
Finding: The skill metadata says 'console output only,' but the script performs broad local inspection: package-manager queries, process enumeration, `/proc` reads, and filesystem traversal of temporary directories. That mismatch can mislead users and automated trust decisions, causing them to run a more invasive skill than advertised.

Context-Inappropriate Capability

Medium

Confidence: 79% confidence
Finding: The daily healthcheck performs package-manager interrogation and later scans broad temp/cache locations, which exceeds a minimal heartbeat-style health monitor and increases host visibility. In agent-skill contexts, unnecessary capability expansion raises risk because users may authorize the skill for a narrower purpose than what it actually does.

VirusTotal

45/45 vendors flagged this skill as clean.

View on VirusTotal