ClawHub

Meshtastic Detection

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real Meshtastic alert receiver, but it needs review because setup can make privileged system changes and alert instructions may expose sensor details to Feishu unless reconfigured.

Review setup.sh before running it. Replace every Feishu open_id with your own verified recipient, decide whether sender IDs and alert text should be sent to a third-party chat system, and avoid the automatic sudo/get-pip fallback unless you are comfortable with those host and supply-chain changes. The reviewed artifacts do not show clear malicious exfiltration or destructive behavior, but they do warrant careful installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes capabilities that read and write local files, execute shell commands, access environment-dependent resources, and deliver alerts externally, yet it declares no permissions. This creates a transparency and policy-enforcement gap: users or platforms may approve the skill without understanding that it can touch local data, invoke commands, and send information over the network.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The setup script performs network-dependent installation actions that go beyond simple local USB receiver setup, including downloading bootstrap tooling and installing Python packages. This expands the trust boundary to remote package sources and increases supply-chain risk, especially because these actions occur automatically during setup rather than being clearly separated into audited/manual steps.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script can invoke sudo apt-get update/install to modify the host system when venv creation fails. A setup helper for a USB alert receiver does not strictly need to escalate privileges automatically, and doing so increases blast radius from a convenience script to host-level package changes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The setup instructs users to forward detection alert contents to Feishu, including alert count, latest sender, and time, but does not explicitly warn that operational sensor data is being transmitted to a third-party messaging platform. This can create unintended privacy and operational-security exposure, especially because detection events may reveal monitoring activity, device identifiers, or sensitive timing information.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script downloads get-pip.py from the network and immediately executes it inside the virtual environment without integrity verification or an explicit warning. Executing remotely fetched code creates a direct supply-chain execution path if the source is compromised, intercepted, or replaced.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
if command -v apt &>/dev/null; then
      yellow "ensurepip not available — trying: sudo apt install $venv_pkg ..."
      if (command -v sudo &>/dev/null && sudo apt-get update -qq && sudo apt-get install -y -qq "$venv_pkg") 2>/dev/null; then
        if "$PYTHON" -m venv venv; then
          VENV_CREATED=true
        fi
Confidence
97% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
if command -v apt &>/dev/null; then
      yellow "ensurepip not available — trying: sudo apt install $venv_pkg ..."
      if (command -v sudo &>/dev/null && sudo apt-get update -qq && sudo apt-get install -y -qq "$venv_pkg") 2>/dev/null; then
        if "$PYTHON" -m venv venv; then
          VENV_CREATED=true
        fi
Confidence
97% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
if command -v apt &>/dev/null; then
      yellow "ensurepip not available — trying: sudo apt install $venv_pkg ..."
      if (command -v sudo &>/dev/null && sudo apt-get update -qq && sudo apt-get install -y -qq "$venv_pkg") 2>/dev/null; then
        if "$PYTHON" -m venv venv; then
          VENV_CREATED=true
        fi
Confidence
97% confidence
Finding
sudo

Chaining Abuse

High
Category
Tool Misuse
Content
if command -v apt &>/dev/null; then
      yellow "ensurepip not available — trying: sudo apt install $venv_pkg ..."
      if (command -v sudo &>/dev/null && sudo apt-get update -qq && sudo apt-get install -y -qq "$venv_pkg") 2>/dev/null; then
        if "$PYTHON" -m venv venv; then
          VENV_CREATED=true
        fi
Confidence
93% confidence
Finding
&& sudo

Chaining Abuse

High
Category
Tool Misuse
Content
if command -v apt &>/dev/null; then
      yellow "ensurepip not available — trying: sudo apt install $venv_pkg ..."
      if (command -v sudo &>/dev/null && sudo apt-get update -qq && sudo apt-get install -y -qq "$venv_pkg") 2>/dev/null; then
        if "$PYTHON" -m venv venv; then
          VENV_CREATED=true
        fi
Confidence
93% confidence
Finding
&& sudo

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal