ClawHub
Back to skill

Security audit

Parallel Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed guide for creating and managing recurring Parallel web monitors, with expected caution needed around persistent monitors and optional webhook delivery.

Install this if you want an agent to manage Parallel monitors through your authenticated CLI. Before creating a monitor, confirm the objective, cadence, and whether webhook delivery is needed; use only trusted webhook URLs and keep the monitor_id so recurring jobs can be updated or deleted later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The 'When to Use' section uses broad natural-language examples such as 'monitor', 'watch', and 'alert me when' without clear exclusion criteria, which can cause the skill to activate for common requests that do not actually require persistent monitoring. In an agent setting, over-broad activation can lead to unintended creation of recurring tasks, unnecessary data collection, or external side effects without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill advertises optional webhook delivery but does not warn that monitor outputs may be sent to an external URL, potentially exposing tracked content, structured output, or sensitive business context to third parties. In an agent environment, this is dangerous because a user may not realize that enabling a webhook creates ongoing outbound data transfer beyond the local session.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal