ClawHub

Flipper Zero

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for controlling a Flipper Zero, but it exposes powerful hardware and radio actions without enough enforced safeguards.

Install only if you intentionally want broad Flipper Zero control from an agent. Treat radio transmit, BadUSB, storage deletion, reboot/power, GPIO, and raw commands as privileged actions; require explicit human approval before use, review generated commands, and clean up /tmp screenshot files if they may contain sensitive device or RF information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script exposes high-risk hardware-control actions such as Sub-GHz transmission, storage deletion, reboot/power operations, GPIO writes, NFC/RFID emulation, and raw command passthrough without any confirmation, policy gate, or allowlist. In an agent skill context, natural-language requests may be transformed into these actions automatically, making accidental or malicious invocation much more dangerous than in a purely manual admin tool.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The advertised 'badusb run <path>' capability is inherently high risk because it can trigger device-side keystroke injection payloads, yet the tool presents it as a normal command with no visible warning or safeguard. In an agent-integrated environment, that materially increases the chance of unauthorized execution against a connected host or nearby systems.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The read_signals flow captures SubGHz screen contents and writes image files to /tmp, which can expose decoded signal names, frequencies, or other sensitive RF-related information to other local users, processes, or later forensic recovery. In this skill context, the captured data may include information about nearby wireless devices or saved identifiers, making undisclosed local persistence more sensitive than an ordinary screenshot cache.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
Read RAW mode stores screenshots of the capture session under /tmp without explicit disclosure or consent, creating unintended local persistence of potentially sensitive RF monitoring activity. Because RAW capture is tied to signal collection workflows, the screenshots can reveal operational details or artifacts that a user may not expect to be written to shared temporary storage.

Missing User Warnings

Low
Confidence
74% confidence
Finding
Frequency analyzer screenshots are written to /tmp without a user-visible warning, which creates unnecessary local retention of nearby RF activity observations. While typically less sensitive than decoded or raw capture results, these images can still reveal environment-specific radio information and device usage patterns.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The saved-file listing captures screenshots of the user's SubGHz file browser and writes them to /tmp, potentially exposing saved signal names or other identifiers that may correspond to remotes, access systems, or user-labeled targets. In this context, that metadata can be sensitive even if no transmission occurs.

Missing User Warnings

Low
Confidence
71% confidence
Finding
The status command writes a screenshot to a predictable location in /tmp without explicit disclosure, leaving potentially sensitive screen contents on local disk. Although lower risk than dedicated SubGHz capture modes, it still creates avoidable exposure of device state and on-screen information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal