ClawHub

MegaSquirt Tuner

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Megasquirt tuning helper with an optional local MSQ analyzer, but users should treat its engine-tuning advice as safety-critical guidance, not automatic truth.

Install only if you want advisory help with Megasquirt tuning. Keep backups, make small changes, verify timing/AFR/boost with proper instruments, avoid relying on AI alone for engine safety, and run the optional analyzer only on tune files you intentionally choose without elevated privileges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest description is extremely broad, including phrases like 'Any Megasquirt/TunerStudio ECU tuning tasks,' which can cause the skill to be invoked for a wide range of safety-critical automotive actions without sufficient specificity or gating. In this context, overbroad invocation is dangerous because the skill provides guidance that can directly affect engine operation, potentially surfacing high-risk tuning advice in situations where stronger warnings, qualification checks, or specialist review are needed.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill gives detailed instructions for real-world ECU tuning, ignition timing, AFR targets, boost control, launch control, and safety-limit configuration, all of which can materially affect engine behavior and vehicle safety, yet it lacks a prominent explicit warning about risks such as engine damage, fire, loss of control, or unsafe road use. The surrounding context makes this more dangerous, not less, because the document is operational and action-oriented, including formulas, target values, and workflow steps that a user could directly apply to a running vehicle.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This guide gives detailed engine tuning procedures for ignition timing, fueling, boost, launch control, and protection thresholds that can materially affect engine integrity and operator safety, yet it does not open with a clear safety disclaimer, competency requirement, or warning about risks such as engine damage, fire, or injury. In context, the document is highly actionable and reads like procedural instruction, which makes omission of explicit warnings more dangerous because inexperienced users may treat suggested values as generally safe defaults.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal