ClawHub

jf-open-pro-device-image-flip

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised camera flip task, but it has enough under-scoped device-control and endpoint risks that users should review it before installing.

Install only if you trust the publisher and understand it can change a camera's saved configuration. Use only the documented JFTech regional endpoints, keep JF_APP_SECRET and JF_DEVICE_TOKEN tightly scoped and rotated, and consider patching the script to reject unknown endpoints and fail instead of writing a default Camera.Param when current config is missing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'url' from os.getenv (line 80, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
if channel is not None:
        body["Channel"] = str(channel)
    
    response = requests.post(url, headers=headers, json=body, timeout=30)
    result = response.json()
    
    if result.get("code") != 2000:
Confidence
92% confidence
Finding
response = requests.post(url, headers=headers, json=body, timeout=30)

Tainted flow: 'url' from os.getenv (line 80, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
"Camera.Param": config
    }
    
    response = requests.post(url, headers=headers, json=body, timeout=30)
    result = response.json()
    
    if result.get("code") != 2000:
Confidence
92% confidence
Finding
response = requests.post(url, headers=headers, json=body, timeout=30)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes use of environment variables containing sensitive credentials and device tokens, and it clearly performs outbound API calls, but no explicit permissions are declared. This creates a transparency and governance gap: a user or platform may not realize the skill can access secrets and communicate externally, increasing the risk of unintended credential exposure or misuse if the skill is installed or extended.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal