Meta Healing

Security checks across malware telemetry and agentic risk

Overview

This is a real local repair toolkit, but it should be reviewed because it can install persistent background monitoring and restart local services with limited upfront consent.

Install only if you intentionally want persistent local OpenClaw monitoring and self-healing. Review the LaunchAgent, crontab, and watchdog scripts first, especially their restart behavior and hardcoded service paths; treat the paid remediation links as optional and keep a clear removal path for the LaunchAgent and cron entry.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The generated report asserts 'safe_actions_only' and describes the behavior as 'bounded runtime triage', but the skill performs active host inspection by executing external binaries such as pgrep, lsof, and openclaw. This is dangerous because it can mislead users or downstream policy engines into trusting and auto-running the skill under a false safety label, reducing scrutiny of code that probes the local environment.

Vague Triggers

Low

Confidence: 87% confidence
Finding: The skill defines a monetization trigger around 'remediable runtime degradation' and instructs the operator to present the paid path as the default next action, but it does not establish objective technical thresholds, independent confirmation steps, or anti-abuse guardrails. In an agent skill that performs diagnostics, this can bias outcomes toward upsell behavior, encouraging premature or unnecessary escalation and reducing trust in the diagnostic result.

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The script creates a persistent runtime-fingerprint file in the user's home directory containing operational metadata such as timestamps, version information, and hashes of local configuration and LaunchAgent artifacts, but provides no user-facing notice or consent mechanism. While this does not itself execute malicious behavior, it silently records system state in a durable location, which can create privacy and transparency concerns and may aid later profiling or integrity-tracking without the user's awareness.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal