System Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw health monitor that runs local status checks and can send alerts, with fixes gated on user approval.

Install this only where you are comfortable letting an agent run local OpenClaw health commands and post summaries or critical alerts to the current conversation channel. Review any proposed fix commands before approving them, especially restarts, plugin changes, or deletion of old logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger phrase `monitor` is overly generic and can cause the skill to activate for unrelated user requests, creating unintended invocation and context confusion. While this skill is read-only and local, accidental activation could still disclose host status information, process lists, disk usage, or temperature data in conversations where the user did not intend to request system diagnostics.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal