box2robot-skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a real robot-control tool, but it also allows purchases and third-party task execution on physical hardware with limited local safeguards.

Install only if you own or administer the Box2Robot devices and trust this publisher. Require explicit human approval for motion, calibration, trajectory playback, camera or audio capture, inference deployment, purchases, and any store-run action. Prefer interactive login over command-line passwords, protect or delete ~/.b2r_token when finished, and review third-party store tasks before running them on hardware.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding: The skill exposes a marketplace workflow that can purchase and execute third-party 'ACT Store' tasks on real devices. In a robotics-control CLI, this materially expands trust boundaries: unreviewed remote tasks may trigger physical actions, access cameras, or invoke cloud-side behaviors beyond what a user expects from direct device control.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The README exposes immediately usable robot-motion commands such as move, home, torque off, snapshot, and calibrate without prominent warnings about physical movement, collision, pinch, or supervision risks. In a skill intended for AI agents, this omission is more dangerous because an agent may treat examples as safe-to-run actions and issue commands to real hardware without operator confirmation or workspace safety checks.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: This section documents destructive and privacy-impacting capabilities such as unbind, factory reset, WiFi changes, microphone enablement, audio recording, and OTA updates without requiring confirmation, role checks, or explicit user-consent guidance. In an agent-facing skill, that omission is dangerous because an LLM may translate natural-language requests directly into irreversible device or surveillance actions.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The authentication guidance includes plaintext username/password login examples, environment-variable token handling, and token caching to ~/.b2r_token without any warning about secret exposure, shell history leakage, local file permissions, or token lifetime. For an agent skill, this increases the chance that credentials are mishandled, logged, echoed back, or reused in insecure contexts.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The CLI usage explicitly allows `b2r login [user] [pass]`, which encourages users to place passwords on the command line. Command-line arguments are commonly exposed via shell history, process listings, logging, and monitoring tools, making credential leakage likely on multi-user or managed systems.

Missing User Warnings

Severity: High
Confidence: 95%
Finding: `store run` directly executes a purchased third-party task on a target device without any confirmation, review, or warning. In this context the danger is elevated because the target is a robotic arm and possibly associated camera/GPU devices, so a single command can cause unintended physical movement or other unsafe remote actions.

VirusTotal

VirusTotal findings are pending for this skill version.