Seed
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is open about controlling firmware, but it gives an agent broad remote power to rewrite and run code on a device with unclear token safeguards.
Install only if you intend to give the agent firmware-level control over a specific device. Keep the node on a trusted network, protect and rotate its token, inspect generated firmware before applying it, and pin or verify any downloaded setup source.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could change a node's behavior or disrupt attached hardware if it follows the workflow too broadly or applies the wrong firmware.
The skill instructs the agent how to change, compile, and deploy firmware on a device over HTTP. These actions can materially alter the device, and the artifacts do not require explicit user approval before applying changes.
POST /firmware/source — Upload new source; POST /firmware/build — Compile (gcc -O2); POST /firmware/apply — Apply + watchdog rollback
Use only on test or explicitly authorized devices, and require a manual confirmation step before any firmware upload, build, or apply operation.
Firmware generated through this skill could execute commands or access files on the device beyond the user's immediate request.
The firmware-building interface exposes raw shell command execution and arbitrary file read/write primitives as building blocks for new firmware, without bounded command sets or path limits.
cmd_out(shell_cmd, buf, bufsize) — run command, capture output; file_read(path, &len) — read file; file_write(path, data, len) — write file
Restrict generated firmware to a reviewed, minimal set of endpoints and avoid exposing generic shell or unrestricted file operations unless the user explicitly approves them.
If the token can be retrieved too easily, someone with network access to the node could gain firmware update authority.
The bearer token gates powerful firmware operations, but the instructions also suggest a /skill endpoint can provide the token when it is not known. The authentication boundary for retrieving that token is unclear.
curl http://<ip>:8080/skill # full connection details + token; All requests except `/health` need: `Authorization: Bearer <token>`
Confirm that /skill is authenticated or disabled in production, rotate tokens after setup, and do not expose the node on untrusted networks.
The code run on the target device could change if the upstream main branch changes.
The optional setup downloads source from the GitHub main branch and immediately compiles/runs it. This is user-directed and purpose-aligned, but it is not pinned to a commit or verified by checksum/signature.
curl -fsSL https://raw.githubusercontent.com/Awis13/seed/main/seeds/linux/seed.c -o seed.c; gcc -O2 -o seed seed.c; ./seed 8080
Inspect the source before running it, pin to a trusted commit or release, and verify integrity where possible.