Back to skill

Security audit

Disk Guardian

Security checks across malware telemetry and agentic risk

Overview

Disk Guardian is a local disk-health diagnostic skill whose drive scanning, optional sudo use, and optional local history storage fit its stated purpose.

Install only if you want local disk-health diagnostics. Expect it to scan all detected drives, possibly ask for sudo on Linux, and optionally store local drive history containing hardware identifiers such as model and serial number. Avoid using --record on shared machines unless you are comfortable retaining that inventory locally, and run sudo only when needed for SMART access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly performs shell execution and reads/writes local files, but the manifest text shown does not declare permissions or prominently communicate those capabilities. Undeclared capabilities are dangerous because users and orchestrators may invoke the skill without understanding that it can execute system commands, inspect hardware devices, and persist scan history to disk.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill says data is stored under ~/.openclaw/workspace/disk-guardian/ by default, but the high-level description does not warn users that reports and history may be written to persistent local storage. This is a security/privacy issue because disk inventory, device identifiers, health telemetry, and trend history can remain on disk unexpectedly and may be accessible to other local users or included in backups.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The documentation instructs use of --sudo for the scanning pipeline but does not include an explicit elevated-privilege warning or guidance to minimize privileged execution. This is dangerous because users may run a complex, multi-step toolchain with root privileges, increasing the blast radius if any script behavior is flawed, unexpectedly processes attacker-controlled input, or writes files in privileged contexts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script persists per-drive history entries containing hardware identifiers such as model and serial number to a predictable location under the user's home directory without any consent prompt, disclosure, minimization, or protection. Serial numbers and related device metadata can be sensitive inventory data that enables host fingerprinting, asset correlation, and privacy leakage if the workspace is shared, backed up, or readable by other local processes/users.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
python3 scan_drives.py | python3 parse_smart.py | python3 report.py

# With sudo (required on many Linux systems):
python3 scan_drives.py --sudo | python3 parse_smart.py | python3 report.py

# Save report to file:
python3 scan_drives.py | python3 parse_smart.py | python3 report.py --output ~/disk-report.md
Confidence
93% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
### scan_drives.py
- macOS: uses `diskutil list` to find whole disks, then `smartctl -a /dev/diskN`
- Linux: uses `lsblk` to find block devices, then `smartctl -a /dev/sdX`
- `--sudo`: prepend sudo to smartctl commands (needed on Linux without udev rules)
- Outputs JSON: `{os, smartctl_path, drives_found, scan_results: [{device, smartctl_output|error}]}`

### parse_smart.py
Confidence
91% confidence
Finding
sudo

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.