Raspberry Pi Manager

Security checks across malware telemetry and agentic risk

Overview

This package is a local Raspberry Pi operations logbook, but it is advertised as a Raspberry Pi manager with device-control capabilities it does not provide.

Install only if you want a local operations journal, not real Raspberry Pi management. Do not rely on it for GPIO control, live monitoring, service management, sensor readings, webhooks, or notifications, and avoid entering secrets or sensitive infrastructure details into its logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding: The documented behavior materially differs from the declared Raspberry Pi management purpose: instead of GPIO/service/sensor management, it functions as a generic local logging and export tool that stores arbitrary user input. This mismatch can mislead users and downstream agents into providing sensitive operational details under false expectations, causing unintended data retention and exposure through search/export features.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding: The skill is presented as a Raspberry Pi device manager, but the contents describe a generic audit/logging CLI. This semantic mismatch is security-relevant because users may trust it with device credentials, hostnames, IPs, automation details, or incident notes that are then stored in local logs rather than used transiently for device operations.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The implementation materially contradicts the advertised Raspberry Pi management purpose and instead provides a generic local data-capture/logging tool. This kind of capability mismatch is dangerous because users may grant the skill trust and permissions based on the stated device-management function while the code quietly performs unrelated persistence of user-supplied data.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding: Commands such as webhook, notify, template, schedule, analytics, and connect are unrelated to the claimed device-management scope and indicate feature smuggling. In a skill presented as Raspberry Pi administration, these off-scope actions increase the risk of deceptive data collection or repurposing the tool for hidden workflow/communication tasks users would not reasonably expect.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding: The comments and help text explicitly describe the script as a 'social tool/social toolkit,' directly conflicting with the published identity of a Raspberry Pi manager. This inconsistency is a strong indicator of deceptive packaging, which can mislead reviewers and users about what the code is intended to do and reduce scrutiny of unrelated data-handling behavior.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill encourages recording operational notes such as SSH sessions, sync actions, alerts, schedules, and webhook events without adequately warning that these notes are persisted in local logs and can later be searched or exported. In the Raspberry Pi/ops context, this can capture sensitive device names, internal IPs, maintenance schedules, backup paths, or incident details, increasing disclosure risk if the host is shared or compromised.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The script stores arbitrary user input into persistent log files across many commands without clearly warning users in the help text or obtaining informed consent. In this skill context, users may provide hostnames, tokens, operational notes, webhook URLs, or other sensitive strings, creating a privacy and secret-retention risk if local files are later accessed by other users, processes, backups, or support tooling.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal