System Monitor

Security checks across malware telemetry and agentic risk

Overview

This is mostly a legitimate system-monitoring skill, but it needs review because a trend script can expose disk and memory history through an undisclosed third-party chart URL.

Install only if you are comfortable with the agent reading and storing local system health details, including process and service information. Treat the history folder as sensitive operational data, review permissions and cleanup behavior, and avoid running trend.sh or opening its QuickChart link on sensitive systems unless sending aggregate disk and memory trends to quickchart.io is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The script constructs and prints a QuickChart URL containing disk and memory trend data in the query string, which is an external service integration not required for local monitoring. If the URL is opened, historical system telemetry is disclosed to a third party without explicit consent or clear warning, extending data exposure beyond the stated local monitoring purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding:
The embedded Python code imports URL-encoding logic and later prepares data for QuickChart, introducing an outbound data-sharing path into a system-monitoring skill whose purpose is otherwise local analysis of host metrics. In this context, the external integration increases the attack surface and privacy risk because operational telemetry may leave the host environment.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding:
The trigger text is broad enough to overlap with common requests like asking for system status or health, increasing the chance of unintended activation. In an agent environment, overbroad triggers can cause the skill to run during unrelated conversations and collect or persist host telemetry without a clearly intended user action.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding:
The manual-use examples describe very generic scenarios, such as checking system status or server monitoring, without boundaries on when the skill should not be used. That makes accidental invocation more likely and can expose process names, service states, and historical telemetry in contexts where the user did not intend host-level inspection.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill advertises monitoring and history features but does not prominently warn that snapshots are automatically written and retained in history files. Persisting host telemetry without a clear disclosure can create a privacy and security risk because system state, process names, service availability, and trends remain available for later access or misuse.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The script persistently writes detailed host telemetry to disk, including hostname, uptime, resource usage, service/container state, and process summaries, without any retention controls, access checks, or user-facing disclosure. On shared systems, these logs can become a local information-disclosure source that helps attackers profile the environment and identify targets.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script outputs a fully formed QuickChart link that embeds labels and system usage data directly in the URL, so anyone opening the link sends that telemetry to quickchart.io. Because there is no user-facing warning, consent flow, or disclosure in the script output, users may unintentionally exfiltrate internal operational information.

VirusTotal

66/66 vendors flagged this skill as clean.
