Farmos Equipment

Security checks across malware telemetry and agentic risk

Overview

This farm equipment skill appears purpose-related, but it needs review because it can write safety-relevant maintenance and task records with broad or unclear controls.

Install only after confirming the backend requires authentication/authorization for all write endpoints, that the skill clearly asks before completing maintenance or logging hours, and that automatic critical-mode notifications/task creation are narrowly defined, auditable, and acceptable for your farm operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch (Medium, 92% confidence)

Finding:
The manifest presents this as a query-focused, integration-endpoint skill, but the body expands it into a mutating operational tool that can create tasks, log hours, and record maintenance completion. That mismatch increases the chance an orchestrator or user will authorize the skill under a narrower trust assumption than the skill actually requires, enabling unexpected side effects.

Description-Behavior Mismatch (Medium, 94% confidence)

Finding:
The metadata says the skill uses integration endpoints only, but the documentation later directs use of regular API endpoints outside that declared scope. This scope expansion can bypass policy assumptions, routing controls, or review decisions made based on the manifest, leading to broader access than expected.

Context-Inappropriate Capability (Medium, 87% confidence)

Finding:
The skill instructs cross-module access to tasks, observations, and weather even though its stated purpose is equipment queries and maintenance. This broadens data access and action scope beyond least privilege, increasing the risk of unauthorized data correlation, privacy leakage, or unintended workflow manipulation.

Missing User Warnings (Medium, 96% confidence)

Finding:
The skill documents unauthenticated maintenance-record updates without prominently warning that it performs persistent writes to operational records. In this context, equipment maintenance history is safety-relevant; unauthorized or mistaken updates could falsify service completion, hide overdue work, or create unsafe assumptions about machine readiness.

Missing User Warnings (Medium, 93% confidence)

Finding:
The POST hour-logging instruction writes persistent equipment usage data but does not clearly disclose that it changes system state. Incorrect or malicious readings can trigger or suppress maintenance schedules, distort utilization records, and affect downstream safety and planning decisions.

Missing User Warnings (Medium, 95% confidence)

Finding:
The critical-mode section authorizes automatic notification and task creation without an upfront disclosure that the skill may take immediate external actions on the user's behalf. Even if safety-motivated, silent auto-escalation can trigger unauthorized communications and workflow changes, and could be abused by malicious or mistaken inputs.

Missing User Warnings (Medium, 91% confidence)

Finding:
The skill encourages creation of maintenance flags and work orders in another system, but the description does not clearly warn users that this can create external tasks and operational records. This undermines informed consent and can lead to unexpected cross-system writes, noisy workflows, or abuse of downstream task queues.

VirusTotal

66/66 vendors flagged this skill as clean.