Control4 Home

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Control4 home-control integration, but it exposes broad smart-home and security controls that need careful review before use.

Install only if you trust the agent and users of this machine to control your Control4 home. Protect scripts/.env and device_map.json, prefer the pinned pyControl4 version, and consider removing or disabling the generic call command and security-panel support unless you specifically need them. Use explicit confirmation for relays, doors, gates, garages, alarms, and other safety-sensitive devices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
async def cmd_call(args: argparse.Namespace) -> int:
    director = await _login_and_director()
    obj = _entity_factory(args.entity, director, args.id)
    fn = getattr(obj, args.method, None)
    is_sensitive = any(k in args.method.lower() for k in SENSITIVE_METHOD_KEYWORDS)
    if is_sensitive and not args.allow_sensitive:
        raise RuntimeError(
Confidence
98% confidence
Finding
fn = getattr(obj, args.method, None)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill invokes Python scripts, reads environment variables for credentials, and uses local files, yet the manifest does not declare corresponding permissions or capabilities. This creates a transparency and policy gap: reviewers and users may believe the skill is narrower or less privileged than it actually is, increasing the chance of unsafe deployment or abuse.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented behavior substantially exceeds the stated purpose: beyond lights, relays, and room media, it supports controller discovery, full inventory enumeration, generic arbitrary method invocation, and access to sensitive entity types such as security panels. This is dangerous because it grants a broad control surface that could be used to perform unintended or high-risk operations, including security/entry actions, under a deceptively narrow description.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest markets the skill as home control for lights, relays, room media, and mapping inspection, but the CLI exposes generic invocation across additional entity classes including climate and security panels. That discrepancy can mislead operators into enabling a skill with far broader reach than expected, reducing informed consent and increasing the blast radius of misuse.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Including security-panel control in documentation for a skill framed as lights/relays/media control materially increases risk, especially because arming/disarming and related entry/security actions are safety-critical. In this context, the mismatch makes the capability more dangerous, not less, because users and reviewers are less likely to apply the scrutiny appropriate for a security-control skill.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file description and implementation explicitly support generic exposure of pyControl4 entity methods, while the skill metadata only justifies lights, relays, room media, and device mapping. That scope expansion materially increases risk because the same interface can be used to control unrelated home systems such as climate, blinds, fans, and controller-level functions not expected by the user.

Context-Inappropriate Capability

Critical
Confidence
99% confidence
Finding
Importing and exposing `C4SecurityPanel` within a home-control skill that does not claim security functionality creates unjustified access to alarm-related operations. In context, enabling alarm arming/disarming through a generic CLI is especially dangerous because it can directly weaken physical security of the home, and the only protection is a brittle keyword gate in another function.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The `cmd_call` implementation provides arbitrary generic method invocation on selected Control4 entities with user-controlled method names and arguments. Because the chosen entity set includes high-impact objects such as `director` and `security-panel`, this effectively grants controller-wide capabilities that exceed the skill's stated purpose and can enable physical-world actions like opening relays, changing sources, manipulating environmental controls, or interacting with alarm functionality.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Sensitive actions are gated only by a client-side `--allow-sensitive` flag plus substring matching against a small keyword list. That safeguard is weak: dangerous methods may not match the keyword set, benign names may be misclassified, and any caller able to invoke the CLI can simply supply the flag, so there is no meaningful policy enforcement before high-impact home-control operations occur.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This file converts arbitrary natural-language requests into real home-automation actions such as toggling relays, changing lights, muting rooms, and switching media sources, then immediately executes them. In an agent skill context, lack of confirmation, authorization checks, or safety interlocks makes unintended or adversarial prompts capable of causing physical-world actions in the user's environment.

VirusTotal

66/66 vendors flagged this skill as clean.
