ROS

Security checks across malware telemetry and agentic risk

Overview

This ROS skill is purpose-built for robot control and discloses that it can move or change robot state, but users should treat it as a real-world control surface.

Install only if you intend to let an agent inspect or control a ROS/ROS2 system. Use a simulator first, verify the target IP/port before issuing commands, keep robots in a clear area with an emergency stop available, and require explicit human approval before movement, service calls, parameter changes, or action goals on real hardware.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill exposes shell-capable operational commands but does not declare permissions, which weakens policy enforcement and user awareness around a tool that can interact with external systems and issue robot-control actions. In this context, the missing permission declaration is especially risky because the documented commands can move robots, call services, and alter parameters, creating real-world safety and operational consequences if invoked unexpectedly.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The README includes concrete robot actuation examples such as publishing to /cmd_vel to move a robot, but it provides no safety warning, environment constraints, or recommendation to verify the target system before executing commands. In a robotics-control skill, omission of physical-world safety guidance increases the chance that an agent or operator will issue movement commands to real hardware in an unsafe setting, potentially causing collisions, property damage, or injury.

Vague Triggers

Medium
Confidence: 87%
Finding:
The invocation description is broad enough to match informational ROS questions as well as control tasks, increasing the chance that the agent routes benign queries into a high-impact robot-control skill. That is dangerous here because the skill is not merely educational or read-only; it includes publish, service, parameter, and action commands that can change robot state or cause physical motion.

Missing User Warnings

Medium
Confidence: 90%
Finding:
This command reference documents direct robot-motion primitives such as publishing to /cmd_vel and motion sequences, but it does not include any warning, gating, or operator-safety guidance about physical movement. In a skill explicitly intended to control ROS/ROS2 robots, omission of safety constraints materially increases the chance of unsafe or unintended actuation, especially if an agent or user copies examples verbatim onto a real robot.

Missing User Warnings

Medium
Confidence: 87%
Finding:
The reference documents state-changing service calls and parameter writes without warning that these operations can reset systems, alter behavior, or change runtime configuration. In ROS environments, such mutations can affect robot state, application behavior, or safety-related settings, so presenting them as routine commands without caution makes accidental misuse more likely.

Missing User Warnings

Medium
Confidence: 92%
Finding:
This CLI intentionally exposes state-changing robot operations such as topic publishes, service calls, action goals, and parameter writes without any explicit safety confirmation, policy gate, or high-risk warning at the point of use. In the ROS/ROS2 context, these commands can directly move hardware, alter system state, reset components, or trigger unsafe actuator behavior, so omission of safety interlocks materially increases the chance of harmful misuse or operator error.

VirusTotal

64/64 vendors flagged this skill as clean.