Security audit

Rdk X5 Gpio

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward RDK X5 hardware-control guide, but users should treat its examples as real hardware-changing actions.

Install only if you intend to control RDK X5 hardware. Before running examples, verify the board pinout, voltage levels, current limits, pull-ups, bus numbers, device addresses, motor or servo drivers, and connected loads. Treat sudo, PWM output, i2cset, serial writes, CAN sends, and sample scripts as actions that can change physical device state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill provides direct GPIO/PWM/I2C/SPI/UART/CAN control instructions that can immediately change hardware state, drive motors/servos, alter bus-attached devices, or energize pins, but it does not warn users about electrical hazards, unexpected motion, bus contention, or possible device damage. In a hardware-control skill, omission of safety cautions materially increases the chance of unsafe operation, especially because examples are ready to run and include write operations to peripherals.

VirusTotal

59/59 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.