Device Control (Iyeque)

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly transparent, but it lets an agent open programs and force-close matching processes on the user's computer, which needs review before installation.

Install only if you are comfortable giving the agent local device-control authority. Use particular care with app-opening and app-closing requests, because the skill can launch powerful local programs and can force-close processes in ways that may interrupt work or lose unsaved data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill invokes shell-capable functionality to control system settings and applications, but it does not declare any permissions or trust boundary information. Even if the documentation claims inputs are sanitized, this file exposes OS-level actions such as launching and terminating apps, so the missing permission declaration reduces transparency and can cause the skill to be granted broader capabilities than users or policy expect.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The open_app action permits launching arbitrary executables or application paths rather than a tightly scoped set of device-control actions. Even with character filtering, this materially expands the skill from 'safe device actions' into general program execution, which could be abused to start shells, scripting hosts, admin tools, or other sensitive local software.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The close_app action allows force-terminating arbitrary processes by name, including with pkill -f on Unix-like systems, which can match broadly and kill unrelated or critical processes. This exceeds a safe automation scope and can be abused for denial of service, disruption of security tools, or termination of user/system applications.

VirusTotal

64/64 vendors flagged this skill as clean.
