Multi Robot Skill

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear robotics-control purpose, but it enables direct AI-planned control of physical robots without enough safety gates or scoping for live actuation.

Install only in a controlled robotics environment. Before using it with real hardware, add human approval before every motion or manipulation command, use simulation or dry-run by default, restrict allowed robot endpoints and actions, require authenticated robot APIs, verify emergency-stop and workspace safety procedures, and pin and audit dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (20)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 97%
Finding
The skill clearly enables network communication to arbitrary robot HTTP endpoints, but the manifest declares no corresponding permissions or safety constraints. This creates hidden capability expansion: an agent or user may invoke networked physical-device control without transparent authorization, review, or policy gating.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The document explicitly promotes autonomous robot control, dynamic adapter generation from API docs, parallel orchestration, and real-time feedback without any safety boundaries, operator approval requirements, simulation-first guidance, or warnings about physical-world consequences. In a skill intended to control real robots, this omission materially increases the chance that an agent will translate untrusted instructions into unsafe physical actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
These instructions tell users to provide robot API documentation in chat and imply Claude will generate an adapter, register the robot, plan actions, and execute them directly. Because the API documentation is effectively untrusted input and may include sensitive endpoints or dangerous operations, the lack of warnings, validation steps, or execution constraints creates a realistic path to unsafe command generation and unauthorized physical/system actions.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The instant-messaging example normalizes controlling real robots from chat messages but provides no caution about authentication, message spoofing, accidental triggering, or physical hazards. In this context, natural-language chat is a weak control channel, so presenting it without safety controls can encourage unsafe deployment where ambiguous or malicious messages cause real-world motion.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The document presents direct examples for registering and controlling real robots over HTTP, including motion, grasping, loading, and unloading, but provides no safety warning, operator confirmation requirement, sandbox/simulation boundary, or physical-world risk guidance. In an agent skill context, this can normalize unattended execution of network-connected physical actions and increase the chance of unsafe deployment, misoperation, or damage to people, property, or equipment.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README explicitly encourages users to have an AI agent automatically clone a Git repository, install dependencies, read additional instruction files, and generate integrations from external documentation, but it provides no warning about supply-chain risk, prompt-injection risk, or the danger of executing unreviewed code. In an agentic environment, this can lead to unattended execution of attacker-controlled code or instructions from the repository or referenced docs, expanding the attack surface beyond normal manual installation.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The README shows natural-language execution of tasks that control physical robots over HTTP, including coordinated multi-robot actions, without any visible operator-safety warning, simulation-first guidance, authorization checks, or requirement for emergency stop and bounded operating conditions. Because this skill is specifically designed to turn AI-planned instructions into real-world robot actions, mistakes, prompt manipulation, or misinterpretation can directly cause unsafe motion, property damage, or bodily harm.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to generate adapters, register robots, and execute plans that can move manipulators and quadrupeds, but it provides no requirement for operator confirmation, environment checks, or safety interlocks before physical actions. In a robotics context, omission of these safeguards can directly lead to unsafe motion, collisions, dropped payloads, or harm to nearby people and equipment.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The examples normalize sending commands and parameters over HTTP to robot devices without warning that task data and control inputs are transmitted to external endpoints and may trigger immediate physical actuation. This combination of silent network transmission and real-world control increases the chance of unintended device operation, unsafe execution, and misuse against incorrectly specified or malicious endpoints.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The guide exposes high-level robot actions that can cause real-world motion and manipulation of physical devices, but it does not include operator safety warnings, confirmation requirements, workspace validation, or emergency-stop guidance. In a multi-robot coordination context, omission of these controls increases the chance of unsafe autonomous execution, collisions, or unintended handling of objects in the physical environment.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The report describes a skill that enables natural-language control of physical robots, including via messaging platforms, but provides no safety warnings, operator confirmation requirements, authorization model, or environmental safeguards. In a real-world actuation context, this omission is dangerous because an agent could translate ambiguous or spoofed chat input into unsafe motion or object-handling commands that can damage property or injure people.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The workflow example shows a user sending a simple chat message that leads directly to autonomous multi-step robot execution, yet it does not mention identity verification, command confirmation, safety interlocks, or authorization boundaries. Because this is an operational example for a multi-robot control skill, it normalizes direct chat-to-actuation behavior and increases the risk of unsafe execution, prompt ambiguity, message spoofing, or abuse through compromised messaging accounts.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
This adapter directly issues physical robot-control commands over HTTP for movement, posture changes, loading, and unloading without any built-in safety interlocks, operator confirmation, policy checks, or validation of whether the requested action is safe in the current environment. In a multi-robot coordination skill controlling real quadrupeds, this increases the risk of unsafe motion, collisions, or unintended actuation if the caller is mistaken, compromised, or provides unsafe parameters.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
This adapter issues real mechanical-arm motion and gripper commands directly to HTTP endpoints without any built-in confirmation, safety interlock, authorization check, or policy gate for hazardous actions such as move, grab, release, and release_to_dog. In a multi-robot control skill, these are physical-world operations that can damage equipment, drop objects, or injure nearby people if triggered accidentally, by prompt misuse, or through higher-level agent error.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
This demo executes a multi-step physical robot plan immediately via `skill.execute_plan(plan)` after registering real robot endpoints, without any explicit operator confirmation, simulation gate, dry-run, or safety interlock in the script. In a robotics skill, that is materially dangerous because the actions include movement, grabbing, placing, loading, unloading, and zone navigation against live HTTP-controlled robots, so accidental invocation can cause property damage or physical harm.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content
params = params or {}
try:
    if action == "action_name":
        resp = requests.post(
            f"{self.endpoint}/api/action",
            json=params,
            timeout=self.timeout
Confidence: 92%
Finding
requests.post( f"{self.endpoint}/api/action", json=

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content
requests>=2.28.0
numpy>=1.20.0
Confidence: 95%
Finding
requests>=2.28.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content
requests>=2.28.0
numpy>=1.20.0
Confidence: 94%
Finding
numpy>=1.20.0

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 88%
Finding
requests

Known Vulnerable Dependency: numpy — 10 advisories: CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 80%
Finding
numpy

VirusTotal

67/67 vendors flagged this skill as clean.
