RealWorldClaw

Security checks across malware telemetry and agentic risk

Overview

RealWorldClaw is openly meant to control ESP32 hardware, but it gives agents immediate, autonomous physical actuation power without built-in safety guardrails, and it weakens TLS verification for the local MQTT connection.

Install only if you intentionally want an agent to control real devices. Use harmless test loads first, isolate the device network, protect config.json and rules.json, do not attach relays or servos to hazardous equipment, and require your own human approval process before running act or monitor commands. Avoid submitting account credentials to the cloud API unless you trust that service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes capabilities requiring network access and likely local configuration/file handling, but it does not declare permissions. That mismatch reduces transparency and can cause an agent or reviewer to underestimate what the skill can access or modify, which is especially relevant for a hardware-control skill that can bridge digital actions into the physical world.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill enables direct actuation of relays, servos, LEDs, buzzers, and automation rules without any documented safety interlocks, confirmation step, or warning about real-world consequences. In this context, an agent mistake, prompt injection, or unsafe automation rule could trigger unintended physical actions, potentially causing equipment damage, unsafe motion, power switching, or nuisance/unsafe operation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The `act` command sends physical-world commands to configured devices immediately, with no confirmation prompt, authorization gate, dry-run mode, or safety interlock. In a skill explicitly designed to control relays, servos, LEDs, and other actuators, this can cause unintended or unsafe actuation if invoked by mistake, by prompt injection through an agent workflow, or with malformed parameters.

Missing User Warnings

High
Confidence
99% confidence
Finding
`cmd_monitor` continuously evaluates rules and autonomously calls `send_command` whenever a condition matches, without operator approval, action validation, rate limiting, or fail-safe constraints. Because this skill's purpose is physical device control, autonomous triggering materially increases the chance of repeated unsafe actuation, denial of service on hardware, or hazardous real-world behavior from bad sensor data or malicious rule definitions.

VirusTotal

66/66 vendors flagged this skill as clean.
