Smartcar

Security checks across malware telemetry and agentic risk

Overview

This Smartcar skill is coherent but should be reviewed because it can control real vehicles and make broad authenticated API requests without clear consent guardrails.

Review before installing. Use only with Smartcar-connected vehicles you are authorized to access, require explicit confirmation before lock, unlock, start-charge, stop-charge, or any POST/PUT/PATCH/DELETE proxy request, and prefer curated Membrane actions over raw proxy calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding:
The skill’s stated purpose focuses on managing Smartcar data and workflows, but the documented capabilities include high-impact state-changing vehicle controls such as lock, unlock, start charge, and stop charge. This creates a scope mismatch that can cause an agent or user to invoke the skill for seemingly read-only tasks while unintentionally enabling physical-world actions against a vehicle.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The proxy request feature allows arbitrary API calls through an authenticated Smartcar connection, which is materially broader than a narrowly described data/workflow integration. This can expose undocumented or high-risk endpoints and bypass the safer, discoverable action layer, increasing the chance of unsafe or over-privileged operations.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The invocation text 'Use when the user wants to interact with Smartcar data' is broad enough to match many requests without distinguishing between read-only data access and vehicle actuation. Overbroad routing increases the likelihood that the skill is selected in contexts where the user did not intend to authorize vehicle-affecting operations.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The documentation lists sensitive operations like lock, unlock, and charging controls without warning that these are state-changing and may have physical or financial consequences. In an agent setting, omission of impact cues can lead to unsafe execution without a deliberate consent checkpoint.
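The guardrails the overview asks for (authorized vehicles only, explicit confirmation before lock, unlock and charging controls and before any non-read proxy request, curated actions preferred over raw proxy calls) can be enforced by a small gate placed between the agent and the Smartcar client, which also closes the two gaps in the proxy and missing-warning findings above. The code below is an added example written for this review; it is not code from the Smartcar skill, from Membrane, or from Smartcar's SDK. The request shapes ({"action": ...} and {"proxy": {"method": ..., "path": ...}}), the curated action names, the vehicle IDs and the /vehicles/<id>/ path prefix are assumptions for illustration.

```python
"""Consent gate for an agent skill that can actuate vehicles (illustrative, not the skill's code)."""
from dataclasses import dataclass

# Curated (Membrane-style) actions, split by whether they change vehicle state.
# Action names are assumed for this example; the real skill's names may differ.
READ_ONLY_ACTIONS = {"odometer", "location", "battery", "fuel"}
STATE_CHANGING_ACTIONS = {"lock", "unlock", "start_charge", "stop_charge"}
# HTTP methods treated as read-only on the raw proxy; every other method is a write.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass(frozen=True)
class Decision:
    allowed: bool             # dispatch the request now
    needs_confirmation: bool  # ask the user first, call confirm(), then retry
    reason: str


class ConsentGate:
    """Every skill request passes through evaluate() before it reaches the Smartcar client."""

    def __init__(self, authorized_vehicle_ids, allow_raw_proxy=False):
        self.authorized = set(authorized_vehicle_ids)
        self.allow_raw_proxy = allow_raw_proxy
        # One-shot approvals: (vehicle_id, operation) pairs the user explicitly confirmed.
        self._confirmed = set()

    def confirm(self, vehicle_id, operation):
        """Record an explicit user approval for exactly one operation on one vehicle."""
        self._confirmed.add((vehicle_id, operation))

    def evaluate(self, request):
        vehicle_id = request.get("vehicle_id")
        if vehicle_id not in self.authorized:
            return Decision(False, False, f"vehicle {vehicle_id!r} is not in the authorized set")
        if "action" in request:
            return self._evaluate_action(vehicle_id, request["action"])
        if "proxy" in request:
            return self._evaluate_proxy(vehicle_id, request["proxy"])
        return Decision(False, False, "unrecognized request shape")

    def _evaluate_action(self, vehicle_id, action):
        if action in READ_ONLY_ACTIONS:
            return Decision(True, False, f"{action} is read-only")
        if action in STATE_CHANGING_ACTIONS:
            return self._require_confirmation(vehicle_id, action)
        return Decision(False, False, f"unknown action {action!r}")

    def _evaluate_proxy(self, vehicle_id, proxy):
        if not self.allow_raw_proxy:
            return Decision(False, False, "raw proxy disabled; use a curated action instead")
        method = str(proxy.get("method", "")).upper()
        path = str(proxy.get("path", "")).split("?", 1)[0]
        # Pin the proxy to the vehicle the user is working with: no other vehicle IDs, no traversal.
        if not path.startswith(f"/vehicles/{vehicle_id}/") or ".." in path.split("/"):
            return Decision(False, False, f"path {path!r} is outside vehicle {vehicle_id}")
        operation = f"{method} {path}"
        if method in SAFE_METHODS:
            return Decision(True, False, f"{operation} is read-only")
        return self._require_confirmation(vehicle_id, operation)

    def _require_confirmation(self, vehicle_id, operation):
        key = (vehicle_id, operation)
        if key in self._confirmed:
            self._confirmed.discard(key)  # one approval authorizes exactly one execution
            return Decision(True, False, f"{operation} confirmed by user")
        return Decision(False, True, f"{operation} changes vehicle state; ask the user first")


def demo():
    """Constructed request sequence showing the gate's behaviour; returns the decisions."""
    gate = ConsentGate(authorized_vehicle_ids=["veh-1"], allow_raw_proxy=True)  # IDs are made up
    steps = [
        {"vehicle_id": "veh-1", "action": "odometer"},                                   # allowed
        {"vehicle_id": "veh-1", "action": "unlock"},                                     # needs confirmation
        {"vehicle_id": "veh-1", "proxy": {"method": "post", "path": "/vehicles/veh-1/charge"}},  # needs confirmation
        {"vehicle_id": "veh-1", "proxy": {"method": "GET", "path": "/vehicles/veh-9/odometer"}},  # denied
        {"vehicle_id": "veh-2", "action": "odometer"},                                   # denied, not authorized
    ]
    return [gate.evaluate(r) for r in steps]


if __name__ == "__main__":
    for d in demo():
        print(d)
```

The gate treats every write the same way whether it arrives as a curated action or as a raw proxy call, so the broader proxy surface does not become a side door around the consent checkpoint; approvals are consumed on use, so one "yes" never authorizes a second actuation.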

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
