Sensor

Security checks across malware telemetry and agentic risk

Overview

This skill is a local sensor-note logger, but it advertises broader sensor management features and has command conflicts that make key documented actions behave differently than users would expect.

Review carefully before installing. Treat this as a local free-form logging tool, not as a real sensor polling, conversion, connectivity, or analysis system. Avoid entering secrets, credentials, private network details, or sensitive infrastructure information unless persistent storage in `~/.local/share/sensor/` is acceptable, and verify command behavior before relying on export or status output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The advertised capability is IoT sensor management, but the implementation is a generic local logging utility with mismatched commands and no real sensor interaction. This kind of capability misrepresentation is dangerous because users or higher-level agents may trust it with operational workflows or sensitive telemetry, while it silently stores arbitrary input instead of performing the promised function.

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The core handlers accept free-form input and append it to per-command log files rather than interacting with sensors or validating the data path. In an agent environment, this is dangerous because sensitive prompts, secrets, device identifiers, or operational data may be persistently captured under the guise of legitimate sensor actions.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The presence of unrelated generic content-style commands broadens the skill surface beyond its stated sensor purpose, increasing ambiguity and misuse potential. In a delegated-agent setting, this can cause the tool to be selected for tasks outside its safe or intended domain, with user input then being captured or mishandled.

Intent-Code Divergence

High
Confidence: 98%
Finding
The help text promises export and status functionality, but duplicate earlier case branches intercept those commands and merely log input instead of invoking the real helpers. This mismatch is dangerous because users may believe they are exporting or checking health while actually writing potentially sensitive data to disk, creating both integrity and privacy risks.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill states that inputs are automatically written to persistent local logs, including status, config, report, and history data, but it does not prominently warn that potentially sensitive operational information will be stored by default. In an IoT context, sensor readings, device identifiers, connectivity status, and configuration details can reveal infrastructure layout or operational patterns, increasing exposure if the host is shared or later compromised.

Missing User Warnings

Medium
Confidence: 95%
Finding
User-supplied inputs are persistently written to files in the home directory without meaningful notice, consent, retention policy, or redaction. In the context of a purported sensor tool, operators may enter device details, credentials, network info, or telemetry that should not be stored indefinitely.

Missing User Warnings

Medium
Confidence: 90%
Finding
The export feature aggregates historical log contents into new files, potentially duplicating sensitive previously captured input and making disclosure more likely. Because the skill already stores arbitrary user input, exporting amplifies exposure by producing consolidated artifacts that are easier to copy, sync, or leak.

VirusTotal

64/64 vendors flagged this skill as clean.
