Sp501lw Mqtt

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate MQTT gateway management tool, but it needs review because its defaults and examples can expose credentials and device-control traffic for real IoT equipment.

Install only if you control the target gateways and understand that an agent using this skill can send device commands and change gateway configuration. Prefer a private MQTT broker with unique credentials and TLS, avoid the public/default credentials for production, protect or exclude devices.json from sharing or source control, and treat CLI passwords as exposed unless your shell and logs are controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
98% confidence
Finding
The skill hardcodes and actively uses default MQTT broker credentials (host, username, and password), causing any device added without explicit overrides to connect through a shared public broker account. In an IoT management context this can expose device control traffic and telemetry to unauthorized parties, enable cross-tenant interference, and normalize insecure deployment with embedded secrets.

Missing User Warnings

Medium
96% confidence
Finding
The documentation includes concrete default MQTT credentials (`public` / `Aa123456`) and shows them being stored in `devices.json`, which encourages credential reuse and unsafe secret handling. If users adopt these defaults in production or commit the file to source control, unauthorized parties may access the broker or device traffic and issue commands to managed gateways.

Missing User Warnings

Medium
91% confidence
Finding
The broker/WiFi/device configuration commands accept usernames and passwords directly on the command line without warning that these secrets may be exposed through shell history, process listings, logs, and plaintext local config storage. In a device-management skill, these credentials can provide access to brokers, networks, and downstream industrial equipment, increasing the operational risk.

Missing User Warnings

Medium
89% confidence
Finding
The planned OTA workflow shows firmware installation from a URL, including plain HTTP, without warning about authenticity, integrity verification, rollback risk, or trusted update sources. If implemented or followed naively, an attacker able to tamper with the firmware source or network path could deliver malicious firmware and fully compromise the gateway.

Missing User Warnings

Medium
96% confidence
Finding
The example script hardcodes MQTT authentication credentials directly in the command line, exposing sensitive data in source control, shell history, process listings, and copied documentation. In the context of an MQTT management skill that configures real gateways and brokers, users may reuse these example values or model production deployments after them, increasing the risk of unauthorized broker access and downstream device compromise.

Missing User Warnings

Medium
95% confidence
Finding
The add-device flow stores MQTT usernames and passwords in plaintext in devices.json with no warning, encryption, or access control hardening. In a device-management tool, these credentials can provide direct broker access and potentially allow command injection, telemetry interception, or lateral access to managed IoT devices if the local file is read by another user or process.

Missing User Warnings

Medium
95% confidence
Finding
The update flow can overwrite and persist MQTT credentials in plaintext without warning, repeating the same secret-handling weakness during routine maintenance. Because these credentials are used for live device control, compromise of the local config can lead to unauthorized broker access and manipulation of managed equipment.

VirusTotal

66/66 vendors flagged this skill as clean.
