Platform Healthcheck

Security checks across malware telemetry and agentic risk

Overview

This health-check skill mostly matches its purpose, but it automatically reads existing API keys from other skill configs and sends them to configured services without clear disclosure or opt-in.

Review data/platforms.json before running. If you have ClawQuests, Colony, or Bankr configs on this machine, assume the health check may read those API keys and send them to the corresponding service to test auth status. Use --only for specific targets, --no-history if you do not want local results saved, or remove auth_config entries if you only want unauthenticated connectivity checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill metadata declares no permissions, but the documented behavior clearly implies network access and likely local file writes for history/JSON output. This creates a transparency and consent gap: users or orchestration systems may execute the skill without realizing it can contact external services and persist results locally.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding: This configuration explicitly points the health-check skill at other skills' local config files to load API credentials and then use them against authenticated endpoints. That creates cross-skill secret access and expands the blast radius of any compromise or misuse of this skill, because running a benign-looking health check can consume or expose credentials unrelated to the current skill.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding: The script accepts arbitrary auth_config paths from platform data and reads tokens from local disk, then later uses them in outbound requests. For a health-check utility, this broadens scope from passive availability testing to local secret access and secret use against potentially untrusted endpoints, which can expose credentials if the platform list is modified or supplied by an attacker.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: Disabling certificate and hostname verification for any platform marked local permits man-in-the-middle interception and spoofing of HTTPS connections. Because the local flag is data-driven, a malicious or mistaken platform entry could suppress TLS validation and make health results and any transmitted data untrustworthy.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill states it checks authentication status across 20+ third-party platforms, which strongly suggests it may use stored API keys and send authenticated requests, but it does not warn the user of that behavior. This is risky because running the health check could unintentionally expose account activity, consume quota, trigger alerts, or interact with third-party services using sensitive credentials without explicit user awareness.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding: The history file shows the skill probes localhost services such as 127.0.0.1 endpoints, which can reveal the presence, availability, and timing of software running on the host. In an agent skill, undisclosed local network probing expands the trust boundary and can be used for host fingerprinting or unexpected interaction with local services.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The code loads a bearer token from disk and automatically sends it in an HTTP request without any user confirmation or visible disclosure at runtime. In the context of a dashboard that tests many configurable platforms, this can leak sensitive credentials to attacker-controlled auth_url values or unintended third-party services if configuration is tampered with.

VirusTotal

66/66 vendors flagged this skill as clean.