ClawHub

Homeclaw

Security checks across malware telemetry and agentic risk

Overview

HomeClaw is an instruction-only family assistant skill, but it describes medical, emergency, child, smart-home, and pet-care control without enough safety boundaries.

Review carefully before using this with real household devices or family data. Do not rely on it for emergencies, medical decisions, child safety, pet feeding, locks, alarms, or other smart-home/security actions unless you add explicit confirmations, safe defaults, manual override, per-person permissions, device allowlists, audit logs, and clear data retention and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes health monitoring, medication reminders, and emergency alerts for elderly users without any warning about false positives, missed detections, device failure, or the need for human verification. In a family-care context, users may over-trust the system for safety-critical decisions, which could delay real medical attention or cause harmful panic from inaccurate alerts.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises automated smart-home control, pet feeder control, and scene automation affecting the home environment and dependents, but does not warn about the physical consequences of erroneous or mistimed actions. In this context, automation errors could affect children, elderly family members, pets, home access, or feeding schedules, making omission of safety guidance materially risky.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal