ClawHub

Self Monitor

Security checks across malware telemetry and agentic risk

Overview

This monitoring skill is mostly coherent, but it needs review because it encourages automatic cleanup that can delete system logs and user cache files without clear approval or safeguards.

Install only if you want a monitoring skill that may guide local remediation. Before scheduling it, disable or edit the auto-fix cleanup section, require explicit confirmation before deletes or restarts, and avoid broad /var/log cleanup unless you have reviewed retention and troubleshooting requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill is framed as monitoring, but it also includes file-deletion actions against system and user paths such as /var/log, ~/.cache, /tmp, and ~/.cache/pip. That broadens the capability from observation to modification, creating risk of unintended data loss, forensic log destruction, or disruptive changes if the skill is auto-invoked during routine health checks.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly states the skill will 'auto-fix' issues by cleaning old logs and temp files, which implies file-modifying and potentially destructive behavior. In an agent skill context, undocumented automatic cleanup can cause unintended deletion of useful files, interfere with forensic evidence, or be triggered in the wrong environment without explicit operator approval.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases include common operational language such as health check, heartbeat, monitor status, and service status, which can easily occur in normal conversations or automated workflows. That makes unintended activation plausible, especially because the skill contains commands that inspect system state and may perform auto-fix behavior.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The instruction to run during heartbeats or scheduled checks is ambiguous and lacks guardrails defining when the skill should execute and what level of action is permitted. In context, this is more dangerous because the skill combines frequent or automatic execution with cleanup and restart-style remediation concepts.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill advertises auto-fixable safe actions, yet the listed commands delete logs, cache files, and temporary files without meaningful warning about data loss, troubleshooting impact, or scope. Because the skill is intended for proactive and possibly scheduled use, these destructive actions could be triggered repeatedly and silently, compounding operational harm.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal