API Health Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it locally scans recent OpenClaw session logs for API error patterns and returns a health report.

Install only if you are comfortable with an agent reading recent OpenClaw session logs. Avoid sharing reports publicly unless you have checked that matched log snippets do not reveal private prompts, API tokens, or account details.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 82% confidence
Finding: The skill documentation declares no permissions, but the described functionality requires access to local session logs and likely performs code execution with environment and possible network capabilities. This mismatch is dangerous because it hides the skill's real access needs from reviewers and policy enforcement, increasing the chance of overprivileged or unreviewed data access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal