ClawHub

Auto Monitor - System Monitoring

Security checks across malware telemetry and agentic risk

Overview

This system monitoring skill is plausible, but it gives an agent recurring monitoring and immediate repair authority without clear limits or approval steps.

Install only if you intend to give an agent proactive system-monitoring authority. Use read-only monitoring by default, define the exact hosts and interval, and require explicit confirmation before any restart, deletion, configuration change, process kill, or other repair action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
91% confidence
Finding
The skill is defined to proactively monitor system state and report without waiting for user instruction, but it does not clearly bound when monitoring starts, what systems are in scope, or what authorization is required. In an agent setting, this can lead to overbroad autonomous behavior, unexpected access to operational data, and actions outside user intent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill states that issues which can be automatically fixed should be handled immediately, with no warning, approval step, rollback plan, or safety boundary. Automatic remediation on production systems can interrupt services, modify configurations, or worsen incidents if the diagnosis is wrong, making this materially dangerous in the system-administration context.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The description states that the skill proactively monitors system status but does not define activation boundaries, target systems, data sources, or authorization scope. For an autonomous monitoring skill, this ambiguity can enable overbroad behavior, unexpected background access, or collection/reporting beyond what a user or platform operator intended.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal