volcengine-rtc-device-control

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed device-control skill, but it can translate broad chat phrases into real hardware actions such as immediate shutdown without requiring confirmation.

Install only if you intentionally want an agent to control a currently bound Volcengine RTC device. Require your runtime or operator workflow to ask for explicit confirmation before power-off, vibration, movement, or multi-command actions, and reject unsupported custom commands rather than inferring new hardware behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The protocol expands the skill beyond its declared scope by adding emoji-display and vibration-related behaviors that are not reflected in the manifest description. Scope drift is dangerous because downstream agents or reviewers may permit the skill under narrower assumptions while the implementation can trigger additional device actions not expected by users or policy controls.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The emotion-expression commands are not inherently dangerous, but they are outside the stated hardware-control purpose and therefore represent undeclared capability expansion. Undeclared features weaken trust boundaries, make policy enforcement harder, and can be abused to induce misleading or manipulative device behavior.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
Vibration control is an undeclared actuator capability and therefore increases the real control surface of the skill beyond what reviewers and users are told. Physical-output features can create nuisance, surprise, or misuse risks, especially when hidden behind incomplete documentation or broad natural-language mapping.

Vague Triggers

Medium
Confidence: 92%
Finding
The invocation guidance uses broad natural-language examples for hardware-affecting actions but does not define confirmation requirements, safety boundaries, or disallowed contexts. This can cause the agent to over-trigger disruptive commands such as shutdown or device movement from ambiguous user phrasing, especially because the skill is designed to translate free-form language directly into control messages.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises disruptive hardware-control capabilities, including device shutdown, without clearly warning that these actions may interrupt service or affect physical device behavior. In this context, the skill controls real hardware, so missing user-facing warnings and confirmation guidance increases the chance of accidental denial of service or unintended physical actions.

Vague Triggers

Medium
Confidence: 93%
Finding
The guidance allows custom commands and loosely accepts similar natural-language phrasing, which creates an open-ended command surface not bounded by the documented schema. This is dangerous because an agent may infer or synthesize unsupported device actions, bypass validation, or issue commands with unclear semantics to underlying hardware.

Missing User Warnings

Medium
Confidence: 95%
Finding
The protocol includes immediate power-off functionality without requiring confirmation, warning, or contextual safeguards. Destructive or service-interrupting commands are risky because they can terminate active sessions, interrupt critical device use, or be triggered accidentally from ambiguous natural-language input.

VirusTotal

63/63 vendors flagged this skill as clean.