ClawHub
Back to skill
v1.0.2

Control Usb Relay

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:27 AM.

Analysis

This appears to be a straightforward USB relay controller, but it can switch real connected hardware and requires serial-port setup.

GuidanceThis skill is coherent for USB relay control and does not show hidden data access or exfiltration. Before installing or using it, make sure the connected device is safe to switch, confirm relay actions explicitly, and review any privileged setup commands you choose to run.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
relay.py
print("Turning ON relay...")
        relay.turn_on()
...
        print("Toggling relay...")
        relay.toggle()

Running the included test path physically actuates the connected relay. This is purpose-aligned, but it can affect real equipment.

User impactIf invoked or tested, the skill can turn connected devices on or off.
RecommendationUse only with known safe loads, keep the relay disconnected during initial setup if needed, and require explicit user confirmation before switching.
Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusNote
USAGE-GUIDE.md
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -
sudo apt-get install -y nodejs

The optional setup guide includes a remote script executed with sudo. It is user-directed and disclosed, but users should treat it as a privileged supply-chain step.

User impactFollowing the full guide may run third-party installer code with administrator privileges.
RecommendationVerify the source before running privileged install commands, prefer trusted distribution packages when possible, and consider pinning Python dependencies such as pyserial.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
setup.md
sudo usermod -a -G dialout $USER

The setup asks the user to grant their account dialout group access, which is expected for serial hardware but broadens serial-device permissions.

User impactThe local user account may gain access to other serial devices, not only this relay.
RecommendationOnly apply the group change on systems where you trust the user account with serial hardware access, and remove the permission if it is no longer needed.