FRITZ!Box

Security checks across malware telemetry and agentic risk

Overview

This skill controls a local FRITZ!Box router and smart-home devices as advertised, with sensitive capabilities disclosed and scoped to a private/local host.

Install only if you want an agent to manage your FRITZ!Box and paired FRITZ!DECT devices. Use a dedicated least-privilege FRITZ!Box user, prefer a protected .env file over command-line passwords, verify FRITZBOX_HOST points to your own local router, and require explicit confirmation before any Wi-Fi, reconnect, or smart-home state change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares required environment variables and clearly expects file and network access, but it does not declare explicit permissions despite having capabilities to read credentials and communicate with the router. This creates a permission-model gap: the agent may invoke a network-controlling skill without a transparent, enforceable permission boundary, increasing the chance of unintended sensitive actions against the local router or smart-home devices.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The installation guide instructs users to place FRITZ!Box usernames and passwords into a local .env file without any warning about protecting that file from accidental disclosure through source control, backups, logs, or shared systems. While this is common developer practice, these are sensitive router credentials and exposure could allow unauthorized access to network management and connected smart-home functions.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README advertises disruptive actions such as turning WLAN on/off and forcing an internet reconnect, but does not warn users that these operations can immediately disconnect clients, interrupt active sessions, or cut off remote administration. In a router-management skill, these are legitimate features, but documenting them without safety context increases the chance of accidental self-inflicted denial of service or loss of connectivity.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README recommends passing router credentials directly on the command line, which can expose secrets through shell history, process listings, terminal logs, and audit tools. Because these are administrative credentials for a router, disclosure could enable network reconfiguration, device control, or broader compromise of the local network environment.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include broad everyday terms such as "router," "wlan," "wifi," and "smarthome," which can cause the skill to activate in conversations that are only informational or tangentially related. In this context, accidental activation is more dangerous than usual because the skill can perform high-impact network and device-control actions, including disabling Wi-Fi, reconnecting the internet, and switching physical devices.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill automatically loads credentials from multiple .env locations, including a user-home path, without explicit disclosure or consent at runtime. In an agent skill context, this increases the chance that sensitive router credentials are silently consumed and used for privileged actions the user may not realize are being authenticated automatically.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill exposes destructive administrative actions such as WAN reconnect and device switching without confirmation, warning, or secondary authorization. In an agent setting, a mistaken trigger or ambiguous user request could interrupt connectivity or change smart-home state unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.
