ClawHub

Auto-Heal

Security checks across malware telemetry and agentic risk

Overview

Auto-Heal is a real watchdog tool, but it can automatically restart OpenClaw, kill sessions, delete logs, and change OpenClaw config during install without strong user controls.

Install only if you explicitly want an unattended OpenClaw watchdog. Review the scripts first, consider installing with lifecycle scripts disabled, run manual checks before enabling cron or nohup, and be comfortable with automatic gateway restarts, session kills, config changes, and log cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README advertises automatic restart and cleanup of stuck services and sessions, but it does not clearly warn users that these actions can interrupt running work, terminate active processes, or delete session state. In an agent skill context, unattended self-healing behavior can be operationally disruptive and may cause loss of in-progress tasks if enabled without explicit consent and safeguards.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation phrases are broad operational terms like '自动重启', '健康检查', and '守护进程' that could match ordinary user requests and trigger monitoring or repair behavior without sufficiently explicit consent. In this skill, accidental activation is more dangerous because the documented actions include restarting services and cleaning up sessions, which can disrupt running state.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advertises automatic restart, session cleanup, and memory-based remediation but does not clearly warn that these actions may terminate active work, remove sessions, or alter system state. In context, this omission materially increases risk because the skill is positioned as a background healing mechanism that may run unattended.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The monitor performs destructive remediation automatically by killing sessions and deleting log files without confirmation, dry-run mode, allowlists, or safety guards. In an operational agent environment, this can terminate legitimate work, destroy forensic evidence, and amplify errors if health checks misclassify normal states as failures.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal