ClawHub
Back to skill

Security audit

WOLP LAN Power Control

Security checks across malware telemetry and agentic risk

Overview

This LAN power-control skill is mostly coherent, but it includes privileged client installation guidance and a LAN web UI with known default credentials that users should review before installing.

Install only if you intend to manage LAN power-control hosts. Use dry-run first, avoid broad invocation for general network administration, require explicit approval before package installs or service/config changes, and change the WOL-plus Web UI password before exposing it on the network.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation describes persistent reads and writes to `assets/devices.json`, but no explicit permission declaration is present to signal that the skill stores and modifies local data. This creates a transparency and governance problem: an agent may alter persistent state without clear operator awareness, and the stored inventory includes network identifiers and action history.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared purpose is limited to sending LAN power-control packets, but the documentation also introduces inventory management, metadata persistence, and device listing. This broader behavior expands the skill from ephemeral packet sending into local asset tracking, which changes the privacy and security posture and may cause users or reviewers to underestimate its capabilities.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill claims to send wake/shutdown packets from the agent host, but the documentation additionally instructs the agent to install software on remote machines, manage a service, configure files, and verify a web UI. That materially enlarges the operational scope from packet transmission to remote software deployment and system administration, increasing the risk of unauthorized changes to target systems.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documentation authorizes package installation, service management, and direct configuration edits on target machines even though the stated purpose is only LAN packet sending. This mismatch can cause an agent to perform privileged remote administration actions that users did not reasonably request or reviewers did not authorize.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The documentation publishes a remote web UI endpoint with default credentials (`admin` / `admin123`) and presents them as normal access details. Default credentials on a network-accessible management interface are a serious security weakness because they are easily guessed, encourage insecure deployment, and may expose device-control functionality to anyone on the reachable network.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The script persists and updates a local device inventory with MAC addresses, hosts, ports, and activity timestamps, which expands its behavior beyond merely sending one-off wake/shutdown packets. That creates an unnecessary local data store of network asset information and usage history, increasing privacy and security exposure if the file is later accessed or modified by other local processes.

Description-Behavior Mismatch

Low
Confidence
76% confidence
Finding
The `list` action exposes resolved inventory contents, including device names, MAC addresses, hosts, broadcast IPs, and ports, even though this capability is not described in the skill metadata. Undocumented enumeration features widen the accessible attack surface and can disclose useful internal network mapping data to whoever can invoke the skill.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger guidance says to use the skill whenever the user wants to control a device on the local network, which is much broader than waking or sending a specific shutdown magic packet. Overbroad invocation increases the chance the agent selects this skill for unrelated network-control requests, leading to unintended packet transmission or inappropriate installation/configuration steps described later in the file.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill automatically writes resolved device information and success metadata to persistent storage after non-dry-run operations without an up-front warning or opt-in. Silent persistence of MAC addresses, IPs, and action timestamps can create privacy, audit, and data-retention risks, especially if users expect a one-off network packet operation.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
Publishing default Web UI credentials without requiring immediate change normalizes insecure authentication for a management surface. In context, this is especially dangerous because the skill concerns power control and client management on LAN hosts, so compromise of the UI could enable unauthorized shutdown actions, configuration changes, or broader footholds on internal systems.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The script writes back device activity metadata such as `last_action` and `last_success_at` automatically after successful operations, without making that persistence prominent at execution time. Silent stateful logging can surprise users and create a local audit trail of device operations that may expose network behavior and device identities.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.