Amr

Security checks across malware telemetry and agentic risk

Overview

This is a simple local record tracker that is overstated as an AMR fleet manager, but it does not show hidden network access, credential use, or broad system authority.

Install only if you want an AMR-labeled local notes/task tracker. Do not rely on it for live robot fleet status or control, and avoid storing sensitive operational data unless you are comfortable with it being kept under ~/.amr and exportable into the current working directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The skill metadata and inline branding present this as an AMR fleet manager for JSON/CSV tasks and status checks, but the code is actually a generic local data store with add/search/remove/config/export behavior. This kind of capability mismatch is dangerous because it can deceive users and higher-level agents into granting trust, permissions, or operational use under false pretenses, which is especially risky in an automation context where tool selection depends on declared purpose.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The header comment explicitly claims this is an 'Autonomous mobile robot fleet manager,' yet the commands only manipulate local entry and config files. Misleading inline documentation reinforces the deceptive presentation of the tool and can cause operators or orchestrators to invoke it in inappropriate contexts, reducing scrutiny and masking unintended local data handling.

Vague Triggers

Medium
Confidence: 79%
Finding
The invocation text is vague and fragmentary ('Use when json amr tasks, csv amr tasks, checking amr status'), which can cause over-broad or mistaken activation by an agent. In an automation setting, ambiguous triggers increase the chance the skill is selected for loosely related JSON/CSV work and then performs file-affecting operations outside the user's intended AMR workflow.

Missing User Warnings

Medium
Confidence: 88%
Finding
The markdown advertises destructive or file-affecting commands like remove, export, and config without warning about deletion, overwrite, persistence, or filesystem side effects. In a skill-driven environment, this lack of safety messaging can lead users or agents to execute commands that modify or destroy local data without confirmation or awareness of the impact.

VirusTotal

66/66 vendors flagged this skill as clean.
