ClawHub

Cinmoore Skill Devices

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real smart-camera control skill, but it asks users to install opaque downloaded binaries that handle camera credentials and can record video or change device settings.

Install only if you trust the publisher and can independently verify the downloaded binaries. Use least-privilege test camera credentials first, avoid storing production secrets in shared environment files, and require explicit user confirmation before recording video, moving cameras, calibrating devices, or changing detection settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The install block retrieves unsigned executables, ffmpeg binaries, and a configuration file from remote URLs and instructs the agent to make the downloaded binary executable. This creates a supply-chain and arbitrary code execution risk: if the remote host, object storage, or network path is compromised, users may run attacker-controlled code with local privileges.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README states that media features will automatically download and configure FFmpeg from the cloud on first use, which introduces undeclared network activity and local system modification. In a device-control skill distributed as a binary with obfuscated core logic, this is risky because users cannot easily inspect what is fetched, verify integrity, or understand the supply-chain and execution implications before running it.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README instructs users to place SDK credentials, usernames/passwords, and model API keys in environment configuration, but does not clearly warn that these secrets grant access to remote services and that device/video data may be sent to external APIs. For a camera-control and VLM/LLM-enabled skill, this increases privacy and credential-exposure risk because highly sensitive telemetry and images may leave the local environment without explicit disclosure.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation guidance is very broad: it says to invoke when a user wants to control devices, analyze video, query events, or understand capabilities. Such generic phrasing increases the chance the skill is triggered for common requests, causing unnecessary exposure to sensitive device-control and video-analysis actions in contexts where the user may not have intended this skill to run.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The Linux installation instructions perform multiple remote downloads and write executable and configuration files locally without any warning about trust, file-system changes, or execution risk. In a skill context, this is dangerous because it normalizes silent retrieval of code and config, which can lead to unexpected persistence or code execution if the artifacts are tampered with or the user does not understand what is being installed.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The Windows install block similarly downloads an executable, ffmpeg, and a config file to local paths without explicit notice or integrity verification. Because the skill controls devices and handles media, compromise of the downloaded tooling could give an attacker a strong foothold for arbitrary code execution, credential theft, or surveillance-related abuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal