Living Room Smoke Detector

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it handles a local hub bearer token while disabling TLS verification for a safety-related smoke alert workflow.

Install only if you understand this is a local backup alarm, not a certified smoke detector. Use it only on a trusted network, protect the Dirigera token file, verify the hub IP, and prefer a version that validates or pins the hub certificate before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 96%
Finding
The skill documentation shows capabilities to read and write local files, access the network, and invoke shell commands, but it declares no permissions. That creates a transparency and trust problem: operators may install or run the skill without understanding that it can contact a local hub, read tokens from disk, write state files, and execute local binaries such as afplay, say, and ffmpeg.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 85%
Finding
The documented purpose understates notable behavior: local generation of audio via text-to-speech/ffmpeg and reliance on external cron for periodic execution rather than enforcing scheduling itself. While this is not overtly malicious, mismatches between stated behavior and actual capabilities can mislead users during review and approval, causing them to grant access to a skill whose operational behavior and dependencies are broader than advertised.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The code explicitly disables TLS hostname and certificate verification when connecting to the hub. This enables man-in-the-middle attacks on the local network, allowing an attacker to spoof the Dirigera hub, falsify sensor readings, or capture the bearer token used for authentication. In a smoke detector skill, spoofed 'safe' readings are especially dangerous because they can suppress emergency alerts.

VirusTotal

42/42 vendors flagged this skill as clean.
