ClawHub

Nas system monitor

Security checks across malware telemetry and agentic risk

Overview

This is a simple local NAS health monitor with documentation gaps, but no evidence of hidden data export, destructive behavior, or persistence.

Install only if you want a basic local monitor for disk, memory, and CPU temperature. Do not rely on the advertised network, SMART, service, DDoS, or chat notification features until they are actually implemented and reviewed; avoid entering real webhook secrets until outbound alert code exists and clearly documents what it sends.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documentation instructs users to run a Python monitoring script that necessarily reads system state and may invoke shell-accessible tooling, yet no permissions are declared. This creates a transparency and trust problem: users cannot accurately assess the level of host access required before installation, and a monitoring skill on a NAS typically has broad visibility into sensitive local system data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly supports sending alerts through Feishu, Discord, and Telegram, which means system health, disk, service, or network-status data may be transmitted to third-party platforms. Without a clear disclosure of what data leaves the NAS, users may unknowingly expose sensitive infrastructure details, hostnames, service status, or operational metadata.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal