valuescan-monitor-skill

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but it needs review because it runs persistent monitors, stores API secrets in plaintext, and can build output file paths from streamed token data without sanitizing them.

Review before installing. Use a dedicated low-privilege account or container, create a dedicated ValueScan API key, restrict permissions on ~/.vs-monitor and config.json, choose a non-sensitive output directory, and ask the maintainer to sanitize token symbols, enforce output-path containment, and verify PIDs before killing processes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill performs file writes and network access but does not declare corresponding permissions, which reduces transparency and prevents proper policy enforcement by the host. In this context, the omission matters because the skill persists data locally, stores credentials, and opens network streams, all of which are security-relevant capabilities users should explicitly understand and approve.

Vague Triggers

Medium
Confidence: 81%
Finding: The trigger phrases are broad enough that ordinary conversational requests like starting or stopping monitoring could cause the assistant to launch or terminate background processes. Because the skill can write files and kill PIDs, ambiguous activation increases the chance of unintended actions rather than direct code execution.

Missing User Warnings

Medium
Confidence: 97%
Finding: The installation flow asks for API credentials and stores them in plaintext in a local config file, but the warning appears later in the document instead of at the point of collection. This increases the likelihood that users disclose secrets without understanding the storage risks, and plaintext secrets are exposed to local compromise, backups, logs, or overly permissive filesystem access.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill instructs Claude to read PID files and kill processes without requiring immediate user confirmation or validating that the PID still belongs to the expected monitor. PID reuse or stale PID files can lead to terminating unrelated processes, and broad stop commands increase the risk of accidental disruption.

Session Persistence

Medium
Category: Rogue Agent
Content:
**Background start:**
```bash
# Start the market monitor detached from the terminal so it survives
# the end of the session; stdout and stderr are appended to a log file.
nohup python /path/to/vs-monitor-skill/script/monitor.py --market \
    --config=~/.vs-monitor/config.json > ~/.vs-monitor/market.log 2>&1 &
# Record the background process ID so a later "stop" step can kill it.
echo $! > ~/.vs-monitor/market.pid
```
Confidence: 88%
Finding: nohup

VirusTotal

67/67 vendors flagged this skill as clean.
