天津安信华瑞科技有限公司 - Combustible Gas Alarm Main Unit - Companion Skill

Security checks across malware telemetry and agentic risk

Overview

This gas-monitoring template mostly matches its stated purpose, but it includes enabled-by-default remote OTA update behavior that can download files and reboot deployed devices.

Review before installing on real hardware. Disable URL_OTA unless you operate and trust the update service, add authenticated and integrity-checked OTA packages before enabling updates, remove full telemetry from OTA checks, and test on non-production devices first. Also confirm that the receiving platform is authorized to receive IMEI, IMSI, ICCID, signal, and gas telemetry data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Description-Behavior Mismatch

Medium (88% confidence)

The code includes OTA update discovery, download, and reboot logic even though the skill description is focused on Modbus data collection and HTTP reporting. This expands the operational scope and trust boundary significantly: a compromised or misconfigured OTA endpoint could push arbitrary firmware/files to the device and trigger a restart.

Description-Behavior Mismatch

Medium (94% confidence)

The OTA check transmits sensitive device and subscriber identifiers including IMEI, IMSI, and prior report payloads to a separate remote service. Sending this data to an additional endpoint increases privacy exposure and creates another exfiltration path if the OTA service is compromised or not intended by the user.

Missing User Warnings

Medium (88% confidence)

The skill instructs sending sensor/device data to a customer HTTP endpoint but does not clearly warn that operational data leaves the device or what fields may be transmitted. In this context, the hidden transmission risk is amplified by the broader skill behavior indicating possible inclusion of device/network identifiers in payloads or OTA requests.

Missing User Warnings

Medium (90% confidence)

The network collection routine gathers IMEI, IMSI, ICCID, cell identifiers, and signal data that are later embedded in outbound HTTP reporting, but this file contains no user-facing disclosure, consent flow, or minimization. These identifiers can uniquely track the device and subscriber and may be unnecessary for routine gas telemetry.

Missing User Warnings

Medium (95% confidence)

The OTA request includes both device identifiers and the full previous reporting payload in the field http_body, without any evident warning or privacy control. This broadens data sharing beyond telemetry delivery and can leak operational sensor data and subscriber metadata to an unrelated service.

Missing User Warnings

High (97% confidence)

The OTA routine automatically downloads files from the server, sets an update flag, and immediately reboots the device with no local confirmation, authenticity verification shown in this file, rollback logic, or maintenance window control. If the OTA channel is compromised, an attacker could install malicious code or brick/disable a safety-relevant gas monitoring device.

Missing User Warnings

Medium (90% confidence)

The guide explicitly documents a payload that uploads privacy-sensitive identifiers including ICCID and full IMEI to a customer platform, but provides no warning, minimization guidance, or consent/privacy handling requirements. In an IoT telemetry skill, this is materially risky because these identifiers can enable device tracking, subscriber correlation, and unnecessary exposure of regulated or sensitive metadata if integrators copy the template as-is.

VirusTotal

66/66 vendors flagged this skill as clean.
