Security audit

TIA-OPENNESS-COMPLETE-SKILL

Security checks across malware telemetry and agentic risk

Overview

This skill performs PLC engineering automation transparently, but it can compile changes and download them to a controller without built-in safety gates or confirmations.

Install only in a controlled engineering or lab environment unless you add your own safety controls. Before using download or full_automation, verify the target PLC, IP address, interface, project contents, backups, maintenance window, and operator approval. Pin dependencies and avoid using the bundled sample password or IP values as production configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The workflow invokes powerful PLC engineering actions such as project creation, software compilation, and direct download to a controller without any visible trigger restrictions, approval gates, environment checks, or target allowlisting. In an industrial automation context, overly broad action exposure is dangerous because a user, upstream agent, or compromised workflow could push unauthorized logic to a live PLC and affect process availability or safety.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly supports downloading to PLCs and one-click end-to-end execution, but provides no warning about operational technology risk, safety consequences, or the need for explicit operator approval. In an industrial automation context, automated compile/download can alter live controller behavior, potentially causing production disruption, equipment damage, or unsafe process changes.

Missing User Warnings

High
Confidence
97% confidence
Finding
The download action can push logic to a PLC directly from supplied parameters with no user confirmation, dry-run mode, interlock, or environment check to distinguish a lab device from a live production controller. In an ICS/PLC context, unauthorized or accidental deployment can immediately alter industrial process behavior, causing downtime, unsafe states, or equipment damage.

Missing User Warnings

High
Confidence
99% confidence
Finding
The full automation workflow chains project creation, PLC configuration, code generation, compilation, and download into one path with no explicit deployment approval step. In this skill's context—automation of Siemens TIA Openness PLC engineering—this substantially increases risk because a single invocation can result in direct changes to a controller, making accidental or abusive use far more dangerous than ordinary code automation.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The file defines a powerful download action with no visible constraints, approval gates, target validation, or scope restrictions. In the context of a PLC automation skill, an unrestricted download operation can modify or deploy logic to industrial controllers, which raises safety and operational risks if triggered against the wrong device or environment.

Natural-Language Policy Violations

Low
Confidence
85% confidence
Finding
The skill hard-codes a PLC interface and IP address, which can cause deployment attempts to a fixed industrial target regardless of operator intent or environment. In an automation context, this increases the chance of misdirected downloads, accidental interaction with production equipment, and leakage of sensitive infrastructure details.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The method performs hardware/software download to a PLC with no explicit confirmation, safety interlock, dry-run mode, or user acknowledgement before modifying a live industrial device. In an automation skill whose stated purpose includes compile/download, this is especially dangerous because accidental or automated invocation could disrupt operations, overwrite controller logic, or cause unsafe plant behavior.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pythonnet>=3.0.0
jinja2>=3.0.0
Confidence
95% confidence
Finding
pythonnet>=3.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pythonnet>=3.0.0
jinja2>=3.0.0
Confidence
98% confidence
Finding
jinja2>=3.0.0

Known Vulnerable Dependency: jinja2 — 10 advisory(ies): CVE-2019-10906 (Jinja2 sandbox escape via string formatting); CVE-2014-1402 (Incorrect Privilege Assignment in Jinja2); CVE-2025-27516 (Jinja2 vulnerable to sandbox breakout through attr filter selecting format metho) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
jinja2

VirusTotal

65/65 vendors flagged this skill as clean.