ClawHub

Operator Dashboard

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw monitoring skill that runs local health checks, sends status messages, and asks before making fixes.

Install this only if you want an agent to run OpenClaw and host health checks and send operational status into the active conversation. Review the channel before enabling scheduled reports, and require exact-command confirmation before approving cleanup, restart, retry, reinstall, or deletion actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The skill advertises replying in the current channel but also authorises autonomous cron-driven outbound messages later. That creates a behavioural mismatch where the skill can send unsolicited status and alert messages after the initiating interaction, increasing the risk of notification abuse, accidental disclosure into a shared channel, or user surprise if the scheduling context is misunderstood.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger set includes generic phrases such as 'status', 'health check', and 'is everything working', which are likely to collide with ordinary conversation. In a skill that can run commands, send messages, and schedule cron jobs, overly broad activation increases the chance of unintended execution and surprise side effects.

Unbounded Output

Medium
Category
Output Handling
Content
### MUST NOT DO (never)
- Hardcode Telegram chat IDs, environment variables, or other channel‑specific config.
- Spam the channel — routine summaries are daily, immediate alerts only for real problems.
- Build a web UI, Grafana dashboard, or any external interface.
- Assume the user uses Telegram — work with whatever channel the current conversation uses.
- Report trivial warnings as urgent — use judgment.
Confidence
78% confidence
Finding
Spam the channel

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal