Anova Oven

Security checks across malware telemetry and agentic risk

Overview

The skill appears to control Anova devices as advertised, but it can remotely start or stop a real heating appliance without enough confirmation, targeting, or range guardrails.

Review this before installing if an agent may act on casual prompts. Only use it with explicit user confirmation for start, stop, or temperature changes; verify which Anova device will be controlled; and consider adding range limits and dependency pinning before regular use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium
Confidence: 92%
Finding: The skill directly exposes commands that can start, alter, and stop a heat-producing physical appliance, but it provides no safety gating, confirmation requirements, or warnings about heat, unattended operation, or verifying the target device. In an agent setting, this can enable unsafe remote actuation from ambiguous or malicious prompts, increasing the risk of burns, fire hazards, food safety issues, or disruption of an in-progress cook.

Vague Triggers

Medium
Confidence: 90%
Finding: The trigger examples are broad, natural phrases such as 'Stop cooking' and 'What's the current oven temperature?' that could plausibly appear in ordinary conversation and unintentionally invoke a skill that controls physical devices. In this context, accidental activation can change oven state, temperatures, or timers, creating real-world safety risk beyond a typical informational skill.

Unpinned Dependencies

Low
Category: Supply Chain
Content: websockets>=10.0
Confidence: 95%
Finding: websockets>=10.0

Known Vulnerable Dependency: websockets — 4 advisories: CVE-2018-1000518 (websockets is vulnerable to denial of service by memory exhaustion); CVE-2021-33880 (Observable Timing Discrepancy in aaugustin websockets library); CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly C) +1 more

High
Category: Supply Chain
Confidence: 88%
Finding: websockets

VirusTotal

66/66 vendors flagged this skill as clean.
