Victron Power System Monitor - Boat, RV and Power Systems

Security checks across malware telemetry and agentic risk

Overview

This Victron monitoring skill looks purpose-aligned, but it should be reviewed because it handles an API token and private power-system telemetry with weak storage, output-path, and disclosure practices.

Review before installing. Use a dedicated read-only VRM token; store it in an environment variable or a secret manager rather than editing it into the source; rotate it if it has been exposed; change the output path to a private, configurable directory; protect cron logs and generated reports; and pin dependencies before enabling automated daily monitoring. Note that `requests>=2.28.0` is a floor, not a pin: it does not force a vulnerable release, but it still admits the releases covered by the advisories listed below, so pin an exact, currently supported version (with hashes where the installer supports them).

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes behavior that requires network, file read/write, and likely environment access, but it does not declare permissions. This creates a transparency and containment problem: users and the hosting platform may grant or infer broader capabilities than expected without explicit review, increasing the chance of unintended data access or exfiltration through report generation and API calls.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The guide instructs users to create and use a long-lived VRM API token and later automate report generation/emailing, but it provides no warning about secure storage, least privilege, token rotation, or the sensitivity of power-system telemetry. This increases the chance that users will hardcode credentials, leak them in logs or source control, or expose private operational data through automated reports.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The setup instructions tell users to hardcode a live VRM API token directly into the Python script. Embedding credentials in source files is dangerous because tokens can be exposed through file sharing, backups, logs, version control, or accidental disclosure, allowing unauthorized access to the user's Victron installation data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill sends battery, solar, hardware status, and alarm telemetry by email but does not warn users that operational system data will be disclosed through email channels. Email may be forwarded, stored indefinitely, or transmitted through third-party infrastructure, so omitting a privacy notice can lead users to expose sensitive location, asset, or system health information unintentionally.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script writes a report containing operational system data to a hard-coded absolute path under a specific user's home directory without validating the environment or file permissions. This can expose sensitive monitoring data to unintended local users, overwrite files unexpectedly, or fail unsafely when deployed on a different host layout.
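The hardening the Overview and the two findings above call for, as an added example written for this review rather than the skill's own script: the token is read from the VRM_TOKEN environment variable and never written into source, the report directory comes from BOAT_REPORT_DIR (default ~/.boat-check, made owner-only) instead of a hardcoded /home/<user> path, the report is written atomically with owner-only permissions, and the token is scrubbed from anything that lands in a report or a cron log. The VRM API call itself is out of scope and is replaced by a constructed fetch function; the variable names, the default path and the sample telemetry are assumptions.

```python
"""Hardened token and report handling for a daily power-system check.

Added example, not the skill's code. Assumptions: the token arrives in VRM_TOKEN,
the output directory in BOAT_REPORT_DIR, and the VRM API call is stubbed.
"""
import os
import stat
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Callable, Mapping, Optional


def load_token(env: Mapping[str, str] = os.environ) -> str:
    """Read the VRM token from the environment and refuse to run without one."""
    token = env.get("VRM_TOKEN", "").strip()
    if not token:
        raise RuntimeError("VRM_TOKEN is not set; export it or inject it from a secret manager")
    return token


def redact(text: str, token: str) -> str:
    """Mask the token anywhere it appears in text bound for logs, cron mail or reports."""
    if not token:
        return text
    return text.replace(token, token[:4] + "****")


def report_dir(env: Mapping[str, str] = os.environ) -> Path:
    """Resolve the output directory from BOAT_REPORT_DIR (default ~/.boat-check)
    and make it owner-only, instead of a fixed /home/<user>/... path."""
    raw = env.get("BOAT_REPORT_DIR") or str(Path.home() / ".boat-check")
    path = Path(raw).expanduser().resolve()
    path.mkdir(parents=True, exist_ok=True)
    path.chmod(stat.S_IRWXU)  # 0700: other local users cannot list or enter it
    return path


def write_report(body: str, out_dir: Path, now: Optional[datetime] = None) -> Path:
    """Write the report under a timestamped name, owner-readable only, atomically."""
    now = now or datetime.now(timezone.utc)
    final = out_dir / f"boat-check-{now:%Y%m%dT%H%M%S}Z.txt"
    # mkstemp creates the temp file with mode 0600 before any data is written
    fd, tmp_name = tempfile.mkstemp(dir=out_dir, prefix=".boat-check-", text=True)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(body)
        os.replace(tmp_name, final)  # atomic rename: a crash never leaves a half-written report
    except BaseException:
        Path(tmp_name).unlink(missing_ok=True)
        raise
    return final


def run_daily_check(fetch: Callable[[str], str], env: Mapping[str, str] = os.environ) -> Path:
    """Fetch telemetry with the token, scrub the token from the output, store the report."""
    token = load_token(env)
    raw = fetch(token)          # the real VRM request goes here; stubbed in this demo
    body = redact(raw, token)   # an API error that echoes the auth header must not leak it
    return write_report(body, report_dir(env))


def _fake_fetch(token: str) -> str:
    # Constructed telemetry; a real fetch would query the VRM API with `token`.
    return "battery_soc=87%\nsolar_w=412\nalarms=none\nauth=" + token + "\n"


if __name__ == "__main__":
    demo_env = {"VRM_TOKEN": "demo-token-1234", "BOAT_REPORT_DIR": "./boat-reports"}
    out = run_daily_check(_fake_fetch, demo_env)
    print(f"report written to {out} (mode {oct(stat.S_IMODE(out.stat().st_mode))})")
```

For the cron job, set VRM_TOKEN in a root-owned environment file the job sources, not in the crontab line (which other users can read on many systems), and point MAILTO or the emailing step at the redacted report rather than at raw command output.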

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Boat Daily Check Requirements
# Python 3.7+

requests>=2.28.0
Confidence
93% confidence
Finding
requests>=2.28.0

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
requests
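A check covering both supply-chain findings, as an added example that is neither SkillSpector's nor the skill's code: it parses requirement lines, reports whether each is an exact pin, and tests whether the range the specifier admits still reaches below an advisory's first fixed release. The fixed-version boundaries in ADVISORIES are assumptions for the demo, keyed to the advisory IDs named in the finding above; verify them against the advisory database before relying on them.

```python
"""Audit requirement specifiers for pinning and for admitted advisory ranges.

Added example, not the scanner's or the skill's code. The advisory table is
constructed for the demo; check each boundary against the advisory itself.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# (advisory id, first fixed version). Assumed boundaries; verify before use.
ADVISORIES: Dict[str, List[Tuple[str, Version]]] = {
    "requests": [
        ("CVE-2014-1830", (2, 3, 0)),
        ("CVE-2024-35195", (2, 32, 0)),
        ("CVE-2024-47081", (2, 32, 4)),
    ],
}

# name, optional single operator and version, optional trailing comment
_REQ = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:(==|~=|>=|>|<=|<|!=)\s*([0-9][0-9.]*))?\s*(?:#.*)?$"
)


def parse_version(text: str) -> Version:
    """Pad dotted versions to three numeric parts so tuple comparison is consistent."""
    parts = [int(p) for p in text.strip().split(".") if p != ""]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def parse_requirement(line: str) -> Optional[Tuple[str, Optional[str], Optional[Version]]]:
    """Return (name, operator, version) for a simple requirement line; None for blanks/comments."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    m = _REQ.match(stripped)
    if not m:
        raise ValueError(f"unsupported requirement syntax: {line!r}")
    name, op, ver = m.group(1).lower(), m.group(2), m.group(3)
    return name, op, (parse_version(ver) if ver else None)


def permits_below(op: Optional[str], ver: Optional[Version], fixed: Version) -> bool:
    """Can a release older than `fixed` satisfy the specifier? Operators with a lower
    bound are decided by comparing that bound to `fixed`; all others have no floor."""
    if op in ("==", ">=", ">", "~=") and ver is not None:
        return ver < fixed
    return True  # bare name, <, <=, !=: nothing stops an old release being chosen


def audit(lines: List[str]) -> List[Dict[str, object]]:
    """Per requirement: is it an exact pin, and which advisories does it still admit?"""
    results: List[Dict[str, object]] = []
    for line in lines:
        parsed = parse_requirement(line)
        if parsed is None:
            continue
        name, op, ver = parsed
        admitted = [aid for aid, fixed in ADVISORIES.get(name, []) if permits_below(op, ver, fixed)]
        results.append({"name": name, "pinned": op == "==", "admits": admitted})
    return results


if __name__ == "__main__":
    # Constructed input: the skill's own requirements line plus a pinned alternative.
    sample = ["# Boat Daily Check Requirements", "# Python 3.7+", "", "requests>=2.28.0", "requests==2.32.4"]
    for r in audit(sample):
        print(r)
```

Run against the skill's requirements file, the `>=2.28.0` floor is reported as unpinned and still admitting the two 2024 advisories, while an exact `==` pin at or above the fixed release admits none. Pin exact versions and install with `pip install --require-hashes` (hashes generated by a tool such as pip-tools) so the installer cannot substitute a different artifact for the pinned one.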

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal