Is system-info safe?
https://clawhub.ai/Xejrax/system-info
system-info is a minimal, documentation-only skill that describes standard Linux diagnostic commands (CPU, memory, disk, uptime). It contains no executable code, no install hooks, no prompt injection vectors, and no exfiltration logic. The only concerns are inherent information disclosure from its intended purpose and sensitive file reads during install that are attributed to the OpenClaw runtime rather than the skill itself.
Category Scores
Findings (5)
LOW System information disclosure by design -10 ▶
The skill's intended purpose is to expose CPU, memory, disk, and uptime information. While this is legitimate for diagnostics, the gathered data constitutes host fingerprinting information that could aid an attacker if relayed to untrusted parties.
LOW Sensitive file reads during install phase (runtime-attributed) -45 ▶
The OpenClaw runtime read .env, .aws/credentials, .profile, and .bashrc during the skill install phase. These reads are attributed to the runtime bootstrapping process (gateway lock creation, jiti cache compilation) rather than the skill itself. No network egress occurred, so no data was exfiltrated. However, the .aws/credentials access during a skill install is a platform-level concern worth noting.
INFO No executable code in skill 0 ▶
The skill contains only a SKILL.md documentation file and metadata JSON files. The install array is empty. No scripts, hooks, submodules, or symlinks are present.
INFO Clean SKILL.md with no injection vectors -5 ▶
SKILL.md contains standard markdown documentation describing system diagnostic commands. No instruction overrides, persona hijacking, suppression directives, or obfuscated content detected.
INFO Lock file references different skill -5 ▶
The .clawhub/lock.json references 'academic-research-hub' rather than 'system-info'. This appears to be a pre-existing workspace artifact from a previous skill installation and does not indicate tampering.