Segway

Security checks across malware telemetry and agentic risk

Overview

This is a simple Segway device-integration instruction skill with disclosed diagnostics and configuration commands, but users should be careful with reset and vehicle-setting changes.

Install only if you want agent assistance with Segway diagnostics and configuration. Treat factory reset, speed-limit changes, and other vehicle-setting changes as high-impact actions: confirm them explicitly, keep the vehicle stopped, and consider backing up settings first. Review any exported ride or diagnostic data before sharing it, since it may include device or usage information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill exposes potentially destructive actions such as restoring factory settings and modifying vehicle parameters, but it does not clearly warn users about data loss, safety implications, or the need for explicit confirmation before execution. In a device-control skill for vehicles, unclear handling of reset/configuration commands can lead to accidental unsafe changes, loss of configuration, or disruption of device operation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal