Syscheck

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a system health checker, but the script mainly saves user-provided text into local history files instead of performing the promised diagnostics.

Review before installing. Treat this as a local note/history logger, not a system diagnostic tool. Do not enter hostnames, incident details, credentials, tokens, remediation plans, or other sensitive operational text unless you are comfortable with it being stored under ~/.local/share/syscheck and later searched or exported.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The documented purpose is a system-health/diagnostics tool, but the finding indicates materially different behavior: collecting arbitrary user input, persisting it under the user's home directory, maintaining searchable history, and exporting stored data. That mismatch is security-relevant because users may provide sensitive operational data under the assumption the skill only reads system state; hidden persistence and export features can enable unintended data collection, retention, and exfiltration paths.

Description-Behavior Mismatch

High
Confidence: 97%
Finding:
The skill claims to perform system health and diagnostics, but the implementation does not inspect CPU, memory, disk, uptime, processes, or services; it mainly stores arbitrary user input into local log files. In an agent setting, this is dangerous because operators may trust it to assess host health while it silently collects and persists supplied data instead, creating both deception and unintended data retention risk.

Context-Inappropriate Capability

Medium
Confidence: 85%
Finding:
Exposing commands like fix, cleanup, backup, and restore in a purported diagnostics tool is misleading and expands the perceived authority of the skill beyond read-only health checking. Even though these commands currently only log input, they can prompt users or higher-level agents to submit sensitive operational instructions or trust the tool with privileged workflows it does not actually perform.

Intent-Code Divergence

High
Confidence: 96%
Finding:
The documentation markets the script as a comprehensive sysops toolkit, but the code behavior is materially different and primarily records user-provided strings. This mismatch is a security issue in agent ecosystems because capability deception can cause unsafe reliance, incorrect operational decisions, and disclosure of sensitive data entered under the assumption that the tool is performing legitimate diagnostics.

Vague Triggers

Medium
Confidence: 82%
Finding:
The trigger language ('when you need quick syscheck', 'to automate syscheck tasks in your workflow') is broad and underspecified, which can cause the skill to be invoked in contexts where the user did not clearly request it. For a tool associated with system inspection and possible logging, overly permissive invocation increases the chance of unintended execution and accidental collection or disclosure of system or user-provided data.

Missing User Warnings

Medium
Confidence: 90%
Finding:
User-supplied input is written verbatim to persistent per-command logs and a history log without prominent disclosure or consent. In practice, users may enter hostnames, incident details, credentials, tokens, or other sensitive operational data, which then remains on disk and can later be exposed through search, recent, status, or export commands.

Ssd 3

Medium
Confidence: 94%
Finding:
The tool persistently records arbitrary input and provides multiple built-in mechanisms to retrieve and export that data, increasing the chance of local disclosure and accidental propagation. In the context of a system administration skill, this is more dangerous because operators commonly provide sensitive environment details while expecting diagnostics, not archival and re-exposure of their inputs.

VirusTotal

62/62 vendors flagged this skill as clean.
