BRICKS CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is powerful but its device control, LAN discovery, MCP/ACP bridging, and shell-capable workflows are disclosed and fit its BRICKS CLI administration purpose.

Install only if you administer BRICKS devices or workspaces. Use it on trusted networks, protect and rotate device passcodes, avoid transmitting bearer tokens on shared LANs, prefer deny-all or interactive approvals for ACP, and remove persistent acpx config when not actively needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence: 93%
Finding:
The skill's trigger description is extremely broad, covering cloud administration, LAN discovery, device control, project initialization, deployment, and desktop-agent bridging. This increases the chance the skill is invoked in situations beyond the user's intent, exposing powerful operations such as device management and local bridge activation when a narrower tool or workflow should have been used.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The documentation instructs users to enable local debugging, LAN discovery, and MCP, and it mentions a default passcode without warning that these settings expose a device management/debug interface to other systems on the local network. In practice, users may leave the default passcode in place or enable these features on untrusted/shared networks, which increases the risk of unauthorized discovery, access, and control of the device.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The example shows sending a bearer token to an MCP endpoint over plain HTTP, which can expose the passcode to interception by any party able to observe local network traffic. Because the endpoint appears to provide powerful debugging and control capabilities, disclosure of that token could enable unauthorized access to logs, automations, and device operations.

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
## Security

- **Auto-approve risk:** Running `acpx --approve-all` allows the bridged agent to execute bash commands without confirmation. Prefer explicit approval or `--deny-all` for untrusted prompts. Never combine `--approve-all` with persistent config in unattended/shared environments.
- **Persistent config:** Creating `~/.acpx/config.json` enables future ACP sessions without re-specifying the agent. This is convenient but means any process that invokes `acpx bricks` can start a session with project file access. Remove the config when not actively needed.
- **Device passcodes:** LAN device MCP bridging (`mcporter`) requires passing device passcodes as Bearer tokens. Treat passcodes as secrets — do not log or commit them.
- **LAN discovery:** `bricks devtools scan` broadcasts on the local network. Only run on trusted networks.
Confidence: 98%
Finding: without confirmation

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
## Security

- **Auto-approve risk:** Running `acpx --approve-all` allows the bridged agent to execute bash commands without confirmation. Prefer explicit approval or `--deny-all` for untrusted prompts. Never combine `--approve-all` with persistent config in unattended/shared environments.
- **Persistent config:** Creating `~/.acpx/config.json` enables future ACP sessions without re-specifying the agent. This is convenient but means any process that invokes `acpx bricks` can start a session with project file access. Remove the config when not actively needed.
- **Device passcodes:** LAN device MCP bridging (`mcporter`) requires passing device passcodes as Bearer tokens. Treat passcodes as secrets — do not log or commit them.
- **LAN discovery:** `bricks devtools scan` broadcasts on the local network. Only run on trusted networks.
Confidence: 98%
Finding: Auto-approve

VirusTotal

66/66 vendors flagged this skill as clean.
