ClawHub

SysGuard

Security checks across malware telemetry and agentic risk

Overview

SysGuard is a real system-monitoring skill, but it exposes host diagnostics, cleanup, notifications, and persistent monitoring too broadly for chat-based use without enough safeguards.

Install only in environments where the OpenClaw bot is restricted to trusted administrators or private operations channels. Review or disable the cleanup command before use, store webhook URLs as secrets, understand that alerts may leave the host via Feishu/WeCom, and document how to stop any monitor process before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The README advertises a cache-cleaning command as 'safe' without warning that cleanup may delete local files or affect application state. In an agent skill context where users may invoke commands conversationally, this can cause unintended data loss or operational disruption because users are not prompted to understand scope, paths, or reversibility.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README shows how to configure an external Feishu webhook but does not warn that alerts may send host status, process health, timestamps, and other operational metadata to a third-party service. In a system-monitoring skill, that omission is security-relevant because admins may enable outbound notifications without assessing privacy, retention, access control, or data residency implications.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill claims that any user in any IM conversation can invoke `sg`, which creates an overly broad trigger surface for a system-management capability. Because the documented commands include health checks, cache cleaning, and persistent monitoring, accidental or unauthorized invocation could expose system state or initiate administrative actions in inappropriate contexts.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises cache cleaning and continuous background monitoring without any warning about side effects, permissions, resource usage, or operational risk. In a system skill, these actions can alter host state, consume resources, or interfere with normal operations, so omission of safeguards and disclosures increases the chance of harmful use or misuse.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The article promotes the `sgc` cleanup command as a one-step fix and shows it deleting temporary files, NPM cache, and system logs, but it does not clearly explain what paths are affected, what data might be lost, or what safeguards exist. In an agent skill context, encouraging chat-triggered cleanup without explicit warnings increases the risk of accidental destructive actions, especially for non-technical users.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal