InterCEPT SDR

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed SDR control integration, but it grants broad live monitoring and process-control authority without enough scoping or safety guidance.

Install only if you intentionally want an agent to control your own iNTERCEPT SDR instance. Change default credentials, restrict the service to trusted networks, and require explicit user confirmation before scans, recordings, killall, remote-agent actions, or retrieval of decoded communications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium, 91% confidence
The skill description is extremely broad and includes many surveillance and control actions, increasing the chance the agent invokes it for loosely related SDR, radio, monitoring, or reconnaissance requests. Overbroad routing is dangerous here because the skill can start scanners, remote agents, recordings, and signal intelligence workflows with real-world monitoring implications.

Missing User Warnings

High, 95% confidence
The documentation exposes destructive and surveillance-capable operations such as process termination, WiFi/Bluetooth scanning, TSCM sweeps, drone detection, remote agent control, and recordings without any safety constraints, confirmation requirements, or legality/authorization warnings. In this skill context, that is more dangerous because the API is expressly designed to operate SIGINT capabilities against live environments, so accidental or unauthorized use could disrupt systems or enable covert monitoring.

Natural-Language Policy Violations

Low, 98% confidence
The skill instructs the agent to authenticate with hard-coded default credentials ('admin/admin'), effectively normalizing use of a shared default account. If the target instance still uses defaults, the skill enables trivial unauthorized access; if not, it encourages insecure deployment practices and unauthorized login attempts.

Missing User Warnings

Medium, 82% confidence
The /adsb/aircraft endpoint is documented as a GET returning live aircraft position data without any stated authentication requirement, unlike nearby endpoints that explicitly require auth. In an SDR/SIGINT platform, exposing continuous location and movement data unauthenticated can enable unauthorized surveillance, aggregation, and tracking of nearby air traffic activity.

Missing User Warnings

Medium, 79% confidence
The /acars/messages endpoint exposes decoded ACARS contents and is documented without any authentication requirement or warning, even though message bodies may contain operationally sensitive airline communications. In this skill context, decoded radio traffic is a core SIGINT output, so publishing message contents broadly increases privacy and intelligence-gathering risk.

VirusTotal

VirusTotal findings are pending for this skill version.