Hackrf Sdr

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed HackRF radio-analysis helper with no evidence of hidden networking, credential access, persistence, or destructive behavior beyond temporary capture cleanup.

Install only if you intend to operate a HackRF SDR and understand local radio laws. Use it on frequencies and signals you are authorized to monitor, review output paths before capture or cleanup, and preserve any IQ files you may need before running deletion steps.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger language is extremely broad, including 'any SDR-related task' and 'signal intelligence,' which can cause the skill to activate for loosely related or sensitive requests. Over-broad routing increases the chance an agent will invoke shell-capable radio tooling in inappropriate contexts, including surveillance-adjacent use cases or tasks the user did not specifically authorize.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The documentation instructs deletion of capture files as a routine cleanup step without warning the user that data will be permanently removed. Even though the example targets a temporary file, unattended deletion can still destroy evidence, user data, or outputs needed for reproducibility if paths are changed or reused.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal