ClawHub

jf-open-pro-device-reboot

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can immediately reboot or shut down a remote device and sends credentials to an environment-selected API host without enough guardrails.

Install only if you trust the publisher and understand that running the script can take a device offline immediately. Set JF_ENDPOINT only to an official JF regional host, protect the JF_* secrets, and prefer using --confirm until the skill adds default confirmation and endpoint allowlisting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'url' from os.getenv (line 55, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
}
    }
    
    response = requests.post(url, headers=headers, json=body, timeout=30)
    result = response.json()
    
    if result.get("code") != 2000:
Confidence
91% confidence
Finding
response = requests.post(url, headers=headers, json=body, timeout=30)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes use of environment variables for secrets and network access to a remote API, but no explicit permissions are declared. This creates a trust and review gap: the skill can access sensitive credentials and perform remote device-control actions without transparent permission metadata, increasing the chance of unintended secret exposure or unauthorized operational impact.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Destructive operations such as reboot and shutdown execute without confirmation unless --confirm is explicitly supplied, so accidental or automated invocation can disrupt device availability immediately. In a remote-management skill, this increases the chance of unintended outages and makes misuse easier in scripts or agent workflows.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal