JARVIS AI Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is for real robotic arm control, but it lacks reviewed control code and clear safety or confirmation rules for physical movement.

Review this before installing or using with real hardware. Treat it as simulation-only unless you independently obtain and audit the missing control module, confirm dependency provenance, configure emergency stop and workspace limits, and require explicit operator approval for every movement or gripper action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

High
Confidence: 97%
Finding
The skill explicitly exposes voice-triggered robotic motion and gripper actions but provides no warning, interlock, operator confirmation, environment validation, or safe-mode constraints. In a physical robotics context, undocumented direct actuation is dangerous because accidental, spoofed, or misunderstood commands could cause injury, property damage, or unsafe movement of heavy equipment.

Missing User Warnings

Medium
Confidence: 91%
Finding
The manifest advertises direct robotic arm and gripper control, precise positioning, force sensing, collision detection, and sequence execution, but provides no warning that these capabilities can cause real-world physical movement or injury. In a hardware-control skill, omission of safety and operating constraints can mislead an agent or user into treating dangerous actions as routine software operations, increasing the chance of unsafe invocation, property damage, or bodily harm.

VirusTotal

65/65 vendors flagged this skill as clean.
