Security audit

SystemTemp

Security checks across malware telemetry and agentic risk

Overview

This is a local temperature-monitoring CLI that reads hardware sensor files and stores local config/log files in disclosed OpenClaw workspace paths.

Install only if you are comfortable with a Node-based command creating local temperature history and alert configuration under ~/openclaw_workspace. Review the hard-coded setup paths if your OpenClaw workspace is not under /home/ckk, and add the documented cron entry only if you intentionally want scheduled monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 85%
Finding:
The skill declares no permissions, yet its documented behavior clearly implies shell execution and environment-dependent access through the `temp` binary and filesystem paths. This creates a transparency and least-privilege problem: users and the platform cannot accurately assess what capabilities the skill needs before installation or execution.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The skill is presented as a monitoring tool, but the documentation also includes persistent logging, configuration management, and report generation. This broader behavior increases the attack surface because it writes files and stores history/settings without making those side effects prominent in the declared purpose, which can mislead users about data persistence and system modification.

Missing User Warnings

Medium
Confidence: 81%
Finding:
The script automatically creates persistent config and log files during initialization without clear user disclosure or consent. While this is not an exploit primitive on its own, silent persistence can surprise users, create unintended data retention, and normalize hidden state changes by a tool advertised as a monitor.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The logging and README update routines perform ongoing writes to local files without any visible warning at runtime. In a monitoring utility, undisclosed background file modification reduces user transparency and can lead to unexpected retention or tampering of local workspace artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.