ClawHub

show sysinfo

Security checks across malware telemetry and agentic risk

Overview

This is a simple system-information skill that runs disclosed, read-only inspection commands, but its reports can include local usernames, sessions, and network details.

Install this only if you want the agent to generate local system reports. Review and redact reports before sharing them, especially fields containing usernames, logged-in sessions, IP addresses, hostnames, OS details, home directories, or shell information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill collects network, account, and host-environment data without warning that the output may contain sensitive information such as usernames, interface details, and OS inventory. In an agent setting, this can lead to unnecessary disclosure of operational details into chat transcripts or generated reports.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill explicitly includes collection of login/session data (`who`) and account information in a normal summary workflow, which can expose usernames, active sessions, and environment details beyond what is necessary for basic system health checks. This increases the chance of sensitive operational data being surfaced or retained in logs and reports.

Credential Access

High
Category
Privilege Escalation
Content
| 网络接口 | `ip addr` 或 `ifconfig` |
| 登录用户 | `who` |
| 系统运行时间 | `uptime` |
| 用户信息 | cat /etc/passwd |

## 执行步骤
Confidence
98% confidence
Finding
/etc/passwd

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal