Low Altitude Guardian

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly local, but it mixes advice-only drone safety claims with autonomous flight-procedure content and persistent learning that should be reviewed before use.

Install only for offline analysis, training, or drafting advisory procedures. Do not connect its outputs to live drones, eVTOLs, autopilots, dispatch systems, or automated emergency workflows without certified safety engineering, explicit human approval gates, and review controls for learned template changes and stored .guardian data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (26)

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The README presents the skill as 'analysis-only' and 'not connected to flight control', but elsewhere describes a closed-loop pipeline including execution, monitoring, autonomous selection of actions, and self-iteration. In a safety-critical aviation context, this contradiction can mislead integrators into deploying or trusting the skill in operational paths it was not safely bounded for, increasing the risk of unsafe autonomous behavior.

Description-Behavior Mismatch

Critical
Confidence
99% confidence
Finding
The crisis level table explicitly states automatic execution for L3-L5 scenarios, which directly conflicts with the claim that the skill only outputs recommendations and does not control flight. For drones/eVTOL and other real-world devices, ambiguous documentation about autonomous actuation can cause operators or downstream agents to permit unsafe automated actions during emergencies.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The README includes a later disclaimer that the project is not for real flight control, but earlier sections describe device-side execution monitoring, solution matching, reporting, learning, and other operational behaviors consistent with active control support. This inconsistency undermines safe operator understanding and can cause dangerous overreliance on a prototype in live environments.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The document repeatedly claims the skill does not execute flight control, yet later specifies 'autonomous execution', 'timeout auto-execution', and concrete control actions such as switching flight modes and flying to alternate landing points. In a safety-critical aviation context, this contradiction can cause operators or integrators to rely on the skill under false assumptions, increasing the risk of unsafe automation or accidental operational use beyond its declared certification boundary.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
This template does more than provide abstract analysis guidance: it encodes a concrete operational sequence with specific control actions, thresholds, speeds, descent rates, and mode switches that could be directly consumed by an agent or downstream system as flight-control instructions. In the context of an emergency UAV/eVTOL decision skill, that materially increases the chance that 'advisory' content is used as executable or semi-executable safety logic without sufficient validation, creating real-world safety and regulatory risk.

Description-Behavior Mismatch

Low
Confidence
83% confidence
Finding
Labeling the expected post-incident device status as '正常' after a GPS-loss emergency can mislead operators or downstream automation into underestimating the seriousness of the event. That can suppress needed inspection, incident handling, or conservative recovery behavior after degraded navigation, especially when the same template already acknowledges residual risks such as drift and no-fly-zone incursion.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This template does not merely analyze an emergency; it specifies a sequenced set of concrete flight-control actions such as return-to-home, climb to altitude, navigate home, communications retry, and landing. In the context of a skill that claims to be analysis-only and not connected to flight control, this creates a dangerous capability/intent mismatch that could enable downstream systems or operators to treat the file as executable operational guidance without the safeguards required for autonomous control.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The content presents an executable autonomous procedure with ordered steps, parameters, timeouts, and fallback behavior, directly contradicting the documented non-flight-control purpose. That contradiction is dangerous because integrators may rely on the manifest's lower-risk framing while inadvertently importing logic suitable for operational actuation, increasing the chance of unsafe deployment in real aircraft systems.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This template contains explicit operational flight-control directives such as reducing altitude, navigating into wind, and performing an emergency landing, which goes beyond passive analysis assistance. In a safety-critical aviation context, presenting imperative maneuver instructions as part of an 'analysis-only' skill can cause downstream systems or operators to treat the output as authoritative control guidance, increasing the chance of unsafe or unauthorized actions during severe weather.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The file conflicts with the stated skill boundary by describing an active maneuver-and-landing sequence despite the metadata claiming the skill does not execute flight control. This kind of intent/behavior mismatch is dangerous because integrators, operators, or orchestration agents may rely on the manifest for safety assumptions while the content effectively supplies actionable flight procedures in an emergency scenario.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The template encodes concrete flight-control and mission-execution steps such as mode switching, altitude changes, navigation, landing, and motor disarm, which directly contradicts the stated boundary that the skill is only an analysis aid and does not connect to flight control or execute real control actions. If a surrounding agent or integrator interprets these action blocks as executable procedures, this creates a dangerous capability expansion from advisory output into operational control, potentially causing unsafe autonomous behavior during an in-flight emergency.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The template contains concrete operational commands such as parachute deployment, steering the aircraft, emergency broadcast, payload jettison, and battery cut-off, which goes beyond a purely analytical assistant and into actionable control logic. In the context of a low-altitude emergency engine, these steps could be directly consumed by downstream automation or operators under stress, creating a real safety risk and violating the stated non-flight-control boundary.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The template explicitly recommends jettisoning hazardous payloads, including battery packs, which is an inherently dangerous act that can shift risk onto people or property below. Because the skill is described as analysis-only, including a hazardous actuation recommendation is unjustified and especially dangerous in emergency scenarios where operators or integrators may treat the template as approved procedure.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The file is structured as an action execution template with ordered steps, conditions, timeouts, and parameters, which contradicts the documented claim that the skill does not execute actual flight control. This mismatch is dangerous because downstream systems, auditors, or users may rely on the manifest's safer description while the content actually encodes operational behavior.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill advertises itself as an analysis-only emergency aid, but the learning path writes incident data to disk and can modify solution templates based on externally supplied feedback. That creates an integrity risk: a crafted feedback file can poison the local knowledge base and influence future recommendations, which is especially sensitive in a safety-critical emergency-decision context.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The code persists decision audit logs to disk under .guardian/decisions, including snapshot-derived operational fields such as device_id, crisis_trigger, battery, and altitude. In a tool described as analysis-only and not performing operational actions, this creates an undisclosed persistence channel that can retain sensitive operational data and expand the skill's effective scope beyond transient analysis.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The human_in_the_loop logic returns autonomous_execute, autonomous_with_notification, and timeout-based automatic execution modes for higher crisis levels, which contradicts the stated scope that the skill is only an analysis aid and does not execute actual flight control. In a safety-critical aviation context, encoding autonomy recommendations as default behavior can be integrated downstream and lead operators or calling systems to treat the output as authorization for immediate action without meaningful human confirmation.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The code defines execution modes that imply direct or automatic operational action, including autonomous execution and automatic execution after timeout. Even if this file does not directly control hardware, those semantics exceed a recommendation-only boundary and can enable unsafe automation when consumed by other components in an emergency-response stack.

Description-Behavior Mismatch

High
Confidence
82% confidence
Finding
The generated plan embeds operational language such as '设备自主执行' and '超时自动执行', which can be interpreted as executable autonomous-control policy despite the skill claiming to be analysis-only and not connected to flight control. In a safety-critical aviation context, this mismatch is dangerous because downstream operators or integrators may treat the generated output as approved real-time control guidance, increasing the chance of unsafe automation or misuse.

Intent-Code Divergence

Medium
Confidence
76% confidence
Finding
The module claims to generate enterprise emergency-plan documents, but the produced content includes prescriptive autonomous-action semantics that resemble operational runbooks for machine execution. In this domain, conflating planning documentation with actionable autonomous procedures can cause unsafe reliance, especially if other components ingest the output as authoritative policy.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The code can export the full knowledge base, including incidents, solutions, and rules, to an arbitrary output file without any access control, redaction, or sensitivity checks. In an enterprise environment, this materially increases the risk of bulk disclosure of operational and incident data if the tool is invoked by an unauthorized user or through an unsafe workflow.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The enterprise features describe collection of operational data, uploads, incident ingestion, analytics, and knowledge-base construction without any warning about sensitive telemetry, incident logs, regulatory data, personal data, or retention/sharing practices. In fleet and aviation-adjacent environments, such data may expose locations, operational weaknesses, compliance details, or personal/safety information.

Missing User Warnings

High
Confidence
97% confidence
Finding
The README describes autonomous action at higher crisis levels without a clear, prominent warning that such behavior could affect physical devices and real-world safety outcomes. In a low-altitude vehicle context, lack of explicit warning materially increases the chance of unsafe deployment, mistaken trust, or accidental integration into control loops.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The activation criteria are too coarse for a high-risk emergency template: 'remaining_motors: 0', optional parachute state, and altitude '>5' do not adequately constrain aircraft type, controllability, environment, population density, or certainty of sensor data. In a crisis system, underspecified selection logic can cause the wrong template to be applied, leading to harmful recommendations such as inappropriate steering, parachute deployment assumptions, or payload handling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The audit log writes snapshot-derived operational data to disk without any visible warning, consent mechanism, or disclosure in this file. In a system handling crisis telemetry for drones/eVTOL, undisclosed persistence can expose sensitive operational patterns, device identifiers, and incident details to local users, backups, or other software on the host.

VirusTotal

66/66 vendors flagged this skill as clean.
