PLC Skill

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only PLC assistance skill with safety-sensitive engineering caveats but no hidden execution, credential access, persistence, or data exfiltration behavior.

Reasonable to install as a PLC reference skill, but treat its outputs as engineering drafts. Do not apply generated PLC logic to live machinery without vendor/model confirmation, simulation or staging tests, safety review, and site change-control approval. Be careful with the documented --force update and sudo chown commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The document explicitly says active-low/NC signals should be normalized so that 'TRUE = OK', but the sample code assigns raw addresses directly without inversion. In PLC safety/interlock logic, this can silently reverse the meaning of E-stop or overload inputs, causing unsafe permissives, blocked trips, or misleading status during commissioning and maintenance.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The document teaches that physical addresses should be isolated to dedicated mapping layers, yet the equipment-module usage example passes raw %I/%Q addresses directly in main-program code. This inconsistency encourages erosion of the abstraction boundary, making later maintenance, simulation, change control, and review of safety-relevant I/O behavior more error-prone.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Documenting '--force' without warning can cause users to overwrite local modifications or lose uncommitted work in the installed skill directory. In an agent-skill ecosystem, this can erase local hardening, auditing notes, or customized safeguards, making recovery difficult and potentially reintroducing insecure defaults.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Advising users to run 'sudo chown -R $USER ~/.openclaw/workspace/skills/' without caution encourages privilege escalation and recursive ownership changes. If copied blindly, this can alter file ownership broadly, mask underlying permission issues, and weaken local system hygiene; in shared or misconfigured environments, the impact can extend beyond the intended directory.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The markdown describes direct output mapping to physical %Q addresses and a simulation override that can replace real inputs, but it does not warn readers to use test benches, simulation CPUs, or validated safe modes before applying this on live equipment. In an industrial-control skill, omitted safety framing is more dangerous because users may adapt the pattern directly into running machinery, risking unintended energization or masked field conditions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document states that logic, variables, and even I/O modules can be changed while the controller is running, but it does not prominently warn that online edits on live industrial control systems can alter process behavior, create unsafe transient states, or disrupt interlocks if performed without formal change control and field validation. In a PLC skill, this guidance is more sensitive because readers may treat it as operationally safe default practice during commissioning or production support.

VirusTotal

65/65 vendors flagged this skill as clean.
