Self-Healing Agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw self-repair tool, but it can modify local OpenClaw state when users run heal or monitor modes.

Install only if you want a local OpenClaw watchdog that can repair ~/.openclaw state and rerun OpenClaw cron jobs. Start with check and heal --dry-run, back up important config, memory, and session files, and use monitor mode only when repeated automatic repairs are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def make_fix(job_id=job.get('id')):
    def fix():
        try:
            r = subprocess.run(
                ['openclaw', 'cron', 'run', job_id],
                capture_output=True, text=True, timeout=30
            )
Confidence
75% confidence
Finding
r = subprocess.run( ['openclaw', 'cron', 'run', job_id], capture_output=True, text=True, timeout=30

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill performs unsolicited outbound network probes to third-party vendor endpoints, which can leak environment metadata such as egress capability, timing, and use of specific AI providers. In a self-healing skill, these checks are only loosely related to core local repair behavior and expand the agent's external interaction surface unnecessarily.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The auto-repair and monitor features describe autonomous actions such as restarting jobs, fixing configs, killing processes, restoring files from history, and rotating logs, but they do not present a clear warning about destructive side effects. In this context, continuous monitoring makes the risk greater because repeated unattended remediation can overwrite valid state, delete forensic evidence, interrupt running workloads, or amplify a misdiagnosis into recurring damage.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Auto-heal mode modifies configuration and session files and archives or truncates memory files without any confirmation gate beyond invoking the command. In a repair tool operating on agent state, this can cause destructive or hard-to-audit changes if health checks are wrong, files are symlinked, or an attacker has planted content to trigger automated modification.

Missing User Warnings

High
Confidence
95% confidence
Finding
Monitor mode continuously applies fixes in a loop with no interactive approval at the point of action, enabling repeated autonomous modification of local state. In a long-running watchdog context, a bad heuristic, crafted workspace state, or poisoned cron metadata can trigger persistent self-inflicted damage or repeatedly execute attacker-influenced repair actions.

VirusTotal

67/67 vendors flagged this skill as clean.
