Security Audit

system_monitor

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

system_monitor received a trust score of 98/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.

SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Skill command path suggests elevated privileges.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

98%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
LOW	Skill command path suggests elevated privileges The `command` field in `skill.json` specifies an absolute path `/root/.clawdbot/skills/system-monitor/monitor.sh`. Placing executable scripts within the `/root` directory often implies they are intended to be run by the root user or an environment with elevated privileges. While the `monitor.sh` script itself performs only read-only system monitoring tasks (CPU, RAM, GPU status) and does not inherently require root access, executing any skill with unnecessary root privileges poses a security risk. If the AI agent's execution environment runs skills as root, a compromised or malicious skill could exploit this to gain full control over the system. 1. Ensure the AI agent's skill execution environment runs skills with the principle of least privilege. 2. Relocate skill scripts to a non-privileged directory (e.g., `/usr/local/bin`, `/opt/clawdbot/skills`, or a dedicated unprivileged user's home directory) and ensure they are executed by a dedicated, unprivileged user. 3. Verify that the `monitor.sh` script does not require root privileges to function correctly; if it does, document the specific reasons and implement appropriate privilege separation (e.g., using `setcap` or `sudo` for specific commands only, if absolutely necessary, rather than running the entire script as root).	LLM	skill.json:4

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/38828940bed53471.svg)](https://skillshield.io/report/38828940bed53471)