Jettyd Skill

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate jettyd IoT integration, but it gives agents direct control over real devices and persistent automations without built-in confirmation safeguards.

Install only if you intend to let OpenClaw interact with and potentially control your jettyd devices. Use a least-privilege API key, keep keys and fleet tokens out of committed files, require explicit human approval before relay, actuator, irrigation, power, config, or webhook changes, and periodically review active rules and webhooks for unexpected persistence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The system prompt frames the agent as answering questions about devices and sensor readings, but the bound tools also include a state-changing command interface. That mismatch can cause users or downstream integrators to underestimate the agent's ability to perform real-world actions, increasing the risk of unintended or prompt-induced device operations.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill documents commands that can change device state and deploy remote configuration without warning about operational impact or recommending explicit user confirmation. In an IoT context, these actions can affect physical devices, automations, or safety-critical behavior, making accidental or socially engineered misuse more likely.

Missing User Warnings

Medium
Confidence: 93%
Finding
Documenting webhook creation without warning that device events and metadata may be sent to third-party URLs creates a real privacy and data-exfiltration risk. Users may unknowingly route telemetry or event streams to external endpoints, exposing sensitive operational information or device identifiers.

Missing User Warnings

Medium
Confidence: 90%
Finding
The blueprint instructs users to place long-lived API keys and fleet tokens directly into config files and examples without any warning about secret handling, accidental commits, or local plaintext storage. In an agent skill context, this increases the chance that credentials are exposed to other tools, logs, shell history, or source control, enabling unauthorized access to devices and the jettyd account.

Missing User Warnings

Medium
Confidence: 93%
Finding
The document repeatedly shows how to send commands, push OTA configuration, and create automations affecting real IoT hardware, but it does not warn that these actions can trigger physical-world effects. In an agent-integrated environment, an LLM or operator could issue unsafe commands to relays, actuators, or automation rules without validation, causing equipment damage, unsafe actuation, or service disruption.

Missing User Warnings

Medium
Confidence: 96%
Finding
The send_command tool allows arbitrary state-changing actions on IoT devices with no confirmation, approval gate, or safety policy. In an LLM-agent context, this is especially risky because ambiguous user input, prompt injection, or model mistakes can translate directly into physical or operational effects on connected devices.

Missing User Warnings

Medium
Confidence: 80%
Finding
This command sends device actions directly to the remote API with no confirmation, dry-run mode, or warning that it changes live device state. In an agent-driven context, ambiguous or unintended prompts could trigger real-world actions on IoT devices, increasing the chance of accidental unsafe operations.

Missing User Warnings

Medium
Confidence: 86%
Finding
Pushing configuration to a live device can alter rules and heartbeat behavior immediately, yet the CLI provides no warning, validation gate, or confirmation before applying changes. In an IoT setting this can disrupt device behavior, monitoring, automation, or safety-related logic at scale.

Missing User Warnings

Low
Confidence: 73%
Finding
Creating webhooks with arbitrary external URLs enables outbound data delivery and event subscriptions without any user-facing disclosure of what information will leave the platform. In practice, this can unintentionally establish exfiltration paths or integrations that persist beyond the immediate CLI session.

Session Persistence

Medium
Category
Rogue Agent
Content
1. Sign up at [jettyd.com](https://jettyd.com) → free tier (5 devices)
2. Get your API key from `api.jettyd.com/v1/api-keys`
3. Create a fleet token at `api.jettyd.com/v1/fleet-tokens`
4. Put the fleet token in `sdkconfig.defaults` (step 1 above)

**Test it:**
Confidence: 88%
Finding
Create a fleet token at `api.jettyd.com/v1/fleet-tokens` 4. Put the fleet token in `sdkconfig.defaults` (step 1 above) **Test it:** ```bash curl https://api.jettyd.com/v1/devices \ -H "Authorizatio

VirusTotal

67/67 vendors flagged this skill as clean.
