Agent Security Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a local security scanner whose sensitive file checks are disclosed and aligned with its purpose, with no evidence of exfiltration or hidden execution.

Install only if you are comfortable with a local security tool inspecting OpenClaw secrets, logs, recent shell history, and SSH key metadata. Keep its alert logs private, review them for sensitive paths before sharing, and ask the maintainer to remove the inconsistent Node 'bash' install metadata and document exact scan paths more explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README clearly advertises broad scanning of sensitive local data sources including command history, .env files, SSH keys, logs, and skill files, but it does not prominently warn users about the scope of access, what data may be read, where results are stored, or the privacy implications. For a security-monitoring skill, this omission is risky because users may install and run it without informed consent, causing unnecessary exposure of secrets and personal operational data.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill description frames the tool as protective but does not clearly warn that it inspects highly sensitive sources such as .env files, shell history, logs, and git repositories, and that it writes results to persistent log files. That omission can mislead users about privacy impact and creates secondary exposure if sensitive findings are copied into logs stored in the workspace.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script reads the user's recent shell history from ~/.bash_history to inspect command activity, but it provides no explicit consent prompt, disclosure, or scoping control before accessing this sensitive file. Shell history commonly contains secrets, internal URLs, tokens, and operational commands, so silent inspection creates a privacy and credential-exposure risk even if the stated purpose is defensive monitoring.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script enumerates private key material under ~/.ssh and *.pem files to inspect permissions without explicit user disclosure or consent. Even though it does not exfiltrate contents directly, touching sensitive key locations expands the skill's access to highly sensitive assets and may normalize invasive host inspection beyond what users expect from a skill.

VirusTotal

65/65 vendors flagged this skill as clean.
