ClawHub

Pilot Fleet Health Monitor Setup

Security checks across malware telemetry and agentic risk

Overview

This is a coherent setup guide for fleet monitoring, with disclosed alert forwarding to Slack/PagerDuty but no hidden or destructive behavior in the skill itself.

Before installing, review the downstream Pilot bridge skills, confirm the Slack/PagerDuty destinations are approved for your organization, and avoid forwarding secrets, customer data, or raw diagnostics in alert payloads. Be aware that setup writes a local Pilot manifest and establishes trust relationships between agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README explicitly routes operational alerts to Slack and PagerDuty via webhooks but provides no warning that alert payloads may leave the local environment and enter third-party services. In a monitoring context, alerts can contain hostnames, service names, infrastructure status, and incident details, which may expose sensitive operational metadata or regulated data if users forward raw events indiscriminately.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example demonstrates forwarding a concrete alert message to Slack without any caution about message contents, normalization, or redaction. In this skill's context, users may copy the pattern for real incidents and end up sending sensitive infrastructure details or internal host identifiers to external chat systems, increasing exposure during outages when operators are least careful.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs forwarding alerts to external destinations such as Slack and PagerDuty, but it does not require any user-facing disclosure, consent, or guidance about what data may leave the local environment. Health alerts and metric payloads can contain sensitive infrastructure details such as hostnames, service health, replication lag, and operational status, creating an avoidable data exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal