Skylv Self Health Monitor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local agent health-check helper, with minor disclosure and invocation caveats but no evidence of harmful behavior.

Install only if you want local agent/system diagnostics. Use explicit requests such as “run skylv-self-health-monitor check,” and be aware that a health check can create local history files in the working directory. Avoid wiring arbitrary sensitive error context into this script unless context redaction is added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 73%
Finding:
The skill advertises monitoring functionality that inherently touches sensitive runtime and API telemetry, yet the metadata does not declare permissions while static analysis detected network capability. That gap reduces transparency and informed consent for operators, and could allow unexpected outbound communication of health data or future expansion of behavior without clear review.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 83%
Finding:
The declared description frames the skill as passive real-time monitoring, but the documented behavior includes persistence, reporting, scoring, suggestions, and a command interface. This mismatch can mislead users about the skill's actual capabilities and trust boundary, increasing the risk of unintended data retention or execution in contexts where only lightweight observation was expected.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
Broad trigger keywords such as 'health', 'monitor', 'memory', and 'performance' overlap with common conversation and system-administration language. This increases the chance of unintended activation, causing the skill to access diagnostics, write history files, or expose operational data when the user did not intend to invoke it.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The invocation examples 'check my health', 'how am I performing?', and 'any optimization suggestions?' are highly ambiguous and likely to appear in ordinary interaction. In an agent context, accidental invocation can trigger monitoring logic, collect internal state, or generate operational outputs without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
`cmdErrors` prints `e.context` directly to the console, and `trackError` accepts arbitrary context objects. In a monitoring skill, error contexts often contain request metadata, tokens, user inputs, headers, file paths, or other sensitive operational data, so indiscriminate logging can leak secrets to terminal output, logs, or calling systems that capture stdout.

VirusTotal

63/63 vendors flagged this skill as clean.
