Server Health Agent

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it runs fixed local health-check commands and reports server metrics, with no evidence of persistence, exfiltration, or system modification.

Install this only on systems where OpenClaw is allowed to run local read-only health commands and see host metrics, including Docker container names and statuses. It does not show evidence of modifying the system or sending data elsewhere.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The invocation phrases "Check server health" and especially "Run server-health-agent" are broad enough that they may be triggered during normal conversation or by content quoted from a user, document, or tool output. Because this skill has shell permission, unintended activation could cause command execution in contexts where the user did not explicitly intend to run the skill, increasing the risk of prompt-trigger abuse or accidental execution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal