Auto-Heal 通用守护 (Auto-Heal General Guardian)

Security checks across malware telemetry and agentic risk

Overview

This auto-heal skill is disclosed but is flagged for Review because it can automatically run powerful service-restart and rollback commands, and a script bug (for example in health-check parsing) could trigger them when nothing is actually wrong.

Install only after careful review. Treat services.json as trusted code and restrict who can edit it; run every check, fix and rollback command manually before enabling the cron entry; avoid root or sudo where possible; keep plaintext credentials out of the config; and fix the health-check parsing issue before using this on production or critical services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The skill claims it is suitable for 'any service' and lists very broad trigger scenarios, which raises the chance that an agent or user applies it in an unsafe or unintended context. Because the framework performs automated repair and rollback actions, overbroad applicability means disruptive commands can be run on critical systems without adequate scoping or safeguards.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The documentation promotes automatic restart, repair and rollback behavior but does not prominently warn that these actions change system state, can overwrite configuration, and can make an outage worse. Users may therefore enable the skill assuming it is routine monitoring, when it actually executes privileged and potentially destructive commands such as service restarts and file copies.

Config Commands Executed via eval

Severity: Medium
Confidence: 98%
Finding
The script passes shell command strings taken directly from the configuration to eval for health checks, fixes and rollbacks. Anyone who can modify the JSON config, or influence its contents, therefore gets arbitrary command execution with the privileges of the script. That is especially dangerous for a guard/auto-heal script, which is likely to run unattended and possibly as root.
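The contrast below is an added example, not the skill's own code, and serves both the install advice in the overview (treat services.json as trusted code, test manually before cron, keep sudo out of the loop) and this finding. It assumes a services.json layout with per-service "check" and "fix" actions and a hypothetical allowlist of binaries; the eval-style function reproduces the vulnerable pattern, the rest shows a loader that refuses a writable config, refuses string commands, allowlists the program, and runs argv arrays without a shell.

```python
# Added example, not the skill's own code: a hardened services.json loader
# set against the eval pattern the finding describes. The file layout, the
# "check"/"fix" keys and ALLOWED_BINARIES are assumptions for illustration.
import json
import os
import shlex
import stat
import subprocess
import tempfile

# Hypothetical allowlist of programs the guard may run. No shell, no sudo and
# no interpreter is listed, so the config cannot smuggle one back in.
ALLOWED_BINARIES = {"systemctl", "curl", "true", "false"}


def vulnerable_run(cmd: str) -> int:
    """The pattern in the finding: config text handed to a shell verbatim.
    Anything after ';', '&&' or inside '$()' in the config runs as the script."""
    return subprocess.run(cmd, shell=True).returncode


def config_is_trusted(path: str) -> tuple:
    """Treat services.json as code: refuse it unless it is owned by the
    running user and writable by nobody else."""
    st = os.stat(path)
    if st.st_uid != os.geteuid():
        return False, "config not owned by the running user"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, "config is group- or world-writable"
    return True, "ok"


def validate_action(argv) -> list:
    """Accept only an argv array whose program is allowlisted. A plain string
    is rejected outright, so there is no path back to eval."""
    if not isinstance(argv, list) or not argv or not all(isinstance(a, str) for a in argv):
        raise ValueError("action must be a non-empty list of strings")
    if os.path.basename(argv[0]) not in ALLOWED_BINARIES:
        raise ValueError(f"program not allowlisted: {argv[0]}")
    return argv


def load_services(path: str) -> dict:
    """Parse the config only after its permissions pass, validating every action."""
    ok, why = config_is_trusted(path)
    if not ok:
        raise PermissionError(why)
    with open(path) as f:
        data = json.load(f)
    return {name: {k: validate_action(spec[k]) for k in ("check", "fix")}
            for name, spec in data.items()}


def safe_run(argv: list, dry_run: bool = True) -> int:
    """Run an argv array with no shell. In dry-run mode only report the command,
    which is how a config should be exercised before any cron entry exists."""
    if dry_run:
        print("would run:", shlex.join(argv))
        return 0
    return subprocess.run(argv, shell=False).returncode


def heal(path: str, dry_run: bool = True) -> dict:
    """One guard pass: run each check and apply the fix only when the check fails."""
    results = {}
    for name, spec in load_services(path).items():
        if safe_run(spec["check"], dry_run) == 0:
            results[name] = "healthy"
        else:
            results[name] = f"fix exit {safe_run(spec['fix'], dry_run)}"
    return results


def write_config(data: dict, mode: int = 0o600) -> str:
    """Write a constructed services.json to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as f:
        json.dump(data, f)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # Constructed sample: 'web' fails its check and gets its fix, 'db' is healthy.
    cfg = write_config({"web": {"check": ["false"], "fix": ["true"]},
                        "db": {"check": ["true"], "fix": ["true"]}})
    print(heal(cfg, dry_run=False))
    # The same injected text: fatal under eval, an inert argument under argv.
    print("eval-style:", vulnerable_run("true; exit 7"),
          "argv-style:", safe_run(["true", ";", "exit", "7"], dry_run=False))
```

The injected text `true; exit 7` is the point of the contrast: under `eval` the shell honours the `;` and the script's exit status becomes whatever the config author chose, while as an argv array the same characters are just arguments to `true`. The ownership and mode check is what "treat services.json as trusted code" means in practice, and the dry-run default is the "test manually before enabling cron" step.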

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal