ClawHub
Back to skill

Security audit

asclaude-monitor

Security checks across malware telemetry and agentic risk

Overview

This is a small manual OpenClaw monitoring helper; its advertised Feishu/chat alerting is underdocumented but not implemented in the supplied code.

Install only if you are comfortable with the skill showing local OpenClaw cron and gateway status in the conversation. Treat Feishu/chat push alerts and sub-agent tracking as advertised future or missing functionality until additional code is supplied and reviewed, and verify that the openclaw command on your PATH is trusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly promotes proactive status pushes to Feishu or chat windows but does not mention what data may be transmitted, where it is sent, or how sensitive task and system-health information is protected. In a monitoring skill, those notifications can easily include operational metadata, task names, agent status, host health, or error details, which creates a real privacy and information-disclosure risk if users enable integrations without understanding the exposure.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly advertises proactive Feishu or chat-window notifications but does not mention what data may be sent, how sensitive task/system status is handled, or how users can control outbound messaging. In an operations-monitoring context, these notifications may expose system health, task names, failures, or other operational metadata to external channels, creating a real privacy and information-leak risk.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.