Server Health

Security checks across malware telemetry and agentic risk

Overview

This is a read-only server health tool whose diagnostics can reveal operational details, but the behavior matches its stated monitoring purpose and shows no exfiltration, persistence, or destructive actions.

Install only where users who can trigger it are trusted to see server diagnostics. Avoid posting its output to public or shared chat channels, because it may reveal process names, service status, OpenClaw port/version/model configuration, and session counts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The script reads detailed OpenClaw configuration from a root-owned file, including gateway port, primary model, and fallback models, which goes beyond a minimal health check. In a Telegram/CLI monitoring context, this can expose internal deployment details and AI/model configuration to any user or chat recipient who can invoke the skill, increasing reconnaissance value for an attacker.

Vague Triggers

Medium
Confidence: 92%
Finding
The README recommends invoking the skill for broad requests like system health, resource usage, or OpenClaw status without emphasizing authorization boundaries or data sensitivity. In an agent environment, overly broad triggers can cause the skill to run in response to ordinary troubleshooting prompts and expose internal process, service, version, and model configuration details to users who did not explicitly request privileged diagnostics.

Missing User Warnings

Medium
Confidence: 96%
Finding
The feature list highlights disclosure of top processes, gateway status, model configuration, and service status, but the README omits any warning that this information is operationally sensitive. Such details can aid reconnaissance by revealing running software, infrastructure components, ports, versions, and internal service layout, especially when surfaced through Telegram or other remote interfaces.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises and exemplifies output that includes sensitive operational details such as running processes, service status, gateway PID/port/version, model configuration, session activity, and infrastructure components. Even if this is intended for legitimate health checks, the absence of a clear warning or access guidance increases the risk that users expose reconnaissance-grade information via Telegram, CLI logs, screenshots, or automation outputs.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script accesses OpenClaw configuration under /root without any disclosure, consent boundary, or authorization check, which means a monitoring command may unexpectedly surface privileged application metadata. Even if the data is not secret in itself, silently pulling from root-owned paths violates least surprise and can leak operational details into less trusted interfaces like chat outputs.

VirusTotal

65/65 vendors flagged this skill as clean.
