Modbus

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a Modbus industrial tool, but its script is actually a local entry manager that stores, deletes, searches, and exports data.

Review carefully before installing. Do not treat this as a Modbus communication or status-checking tool; treat it as a local log/config utility that writes under ~/.modbus by default, can delete entries, and can export stored data. Avoid storing sensitive operational details unless you are comfortable with those local files and exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The documentation describes a Modbus protocol tool, but the commands and data model are for a generic local entry manager. In an agent ecosystem, this can mislead routing and user consent, causing the tool to be selected in sensitive industrial contexts even though its real behavior concerns local storage and file manipulation.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The command descriptions conflict with the stated Modbus purpose and instead advertise CRUD-style local data operations. Conflicting documentation increases the chance of operator confusion, unsafe invocation, and accidental execution of destructive commands under the false assumption that the skill only checks Modbus status or processes Modbus task data.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill advertises Modbus communication capabilities, but the implementation is a generic local note/log manager with no Modbus protocol operations at all. This is dangerous because it materially misrepresents what the tool does, which can deceive users or downstream agents into invoking an unrelated script under false pretenses and create opportunities for covert data collection or misuse.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The help and status text repeatedly claim Modbus behavior even though the commands only manage local entries in a data directory. In the context of an agent skill, deceptive user-facing text increases the risk that operators or automated systems will trust and run the tool for industrial protocol tasks it does not perform, masking its true behavior.

Vague Triggers

Medium
Confidence: 85%
Finding
The invocation guidance is broad enough that an agent may trigger the skill for vague Modbus-related requests, despite the documented commands not actually being Modbus-specific. This creates unsafe over-selection risk, where the wrong tool is chosen and performs unrelated local data actions in response to industrial or operational prompts.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation includes data-changing and destructive commands such as add, remove, export, and config without warning about side effects, target paths, or confirmation requirements. In agent-driven workflows, this omission can lead to silent data modification or deletion because users and orchestrators are not informed of the operational risk before invocation.

VirusTotal

66/66 vendors flagged this skill as clean.
