Monitoring Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a local system-monitoring tool that matches its stated purpose, but it stores process/resource data locally and should be used with awareness of that privacy footprint.

Install only if you are comfortable with local process names, hostname, CPU and memory usage, timestamps, predictions, and alerts being saved to monitoring.db and system_report.xlsx. Keep those files private, delete old data when it is no longer needed, and consider pinning or reviewing the Python dependencies before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (12)

Scope Creep

Medium
Confidence
91% confidence
Finding
The manifest declares only read access to system information, but the skill’s stated behavior includes saving metrics and generating reports, which necessarily implies file writes. This permission mismatch can mislead users or the hosting platform about the skill’s effective capabilities, weakening trust and potentially bypassing review or policy enforcement based on the manifest.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The manifest identifies the skill as 'event-monitor' while the provided metadata describes 'predictive-monitoring', indicating an identity and behavior mismatch. In security-sensitive packaging, inconsistent naming and descriptions can conceal what is actually being installed, impede auditing, and increase the risk of users approving a skill under false assumptions.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill description and command documentation state that metrics and alerts are stored in a local SQLite database, but they do not clearly warn users that process/resource data will be persisted on disk. This creates a transparency and privacy issue because users may invoke monitoring without understanding that potentially sensitive system/process metadata is being retained locally.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill collects host and process telemetry, including device name, process names, CPU usage, memory usage, and timestamps, then persists it locally without any notice, consent flow, retention policy, or access controls. In many environments, process names and timing data can reveal sensitive applications, user behavior, or internal system details, so silent collection increases privacy and data-handling risk.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The skill writes an Excel file to disk automatically, which can unintentionally leave sensitive operational telemetry in a broadly accessible location. While the filename is fixed and there is no direct path-injection issue here, silent artifact creation can expose collected host/process data to other local users, backup systems, or downstream sharing.

Unpinned Dependencies

Low
Category
Supply Chain
Content
psutil
openpyxl
pandas
scikit-learn
Confidence
98% confidence
Finding
psutil

Unpinned Dependencies

Low
Category
Supply Chain
Content
psutil
openpyxl
pandas
scikit-learn
Confidence
98% confidence
Finding
openpyxl

Unpinned Dependencies

Low
Category
Supply Chain
Content
psutil
openpyxl
pandas
scikit-learn
Confidence
98% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
psutil
openpyxl
pandas
scikit-learn
Confidence
99% confidence
Finding
scikit-learn

Known Vulnerable Dependency: psutil — 2 advisory(ies): CVE-2019-18874 (Double Free in psutil); CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs bec)

High
Category
Supply Chain
Confidence
90% confidence
Finding
psutil

Known Vulnerable Dependency: openpyxl — 2 advisory(ies): CVE-2017-5992 (Improper Restriction of XML External Entity Reference in Openpyxl); CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows remote attack)

High
Category
Supply Chain
Confidence
90% confidence
Finding
openpyxl

Known Vulnerable Dependency: scikit-learn — 6 advisory(ies): CVE-2020-13092 (scikit-learn Deserialization of Untrusted Data); CVE-2024-5206 (scikit-learn sensitive data leakage vulnerability); CVE-2020-28975 (scikit-learn Denial of Service) +3 more

Critical
Category
Supply Chain
Confidence
95% confidence
Finding
scikit-learn

VirusTotal

64/64 vendors flagged this skill as clean.
