Dht11 Temp

Security checks across malware telemetry and agentic risk

Overview

This Raspberry Pi sensor skill is purpose-aligned and disclosed, but users should notice the elevated GPIO access and a verified output-order bug.

Install only on the intended Raspberry Pi, understand that it uses sudo for GPIO access, and verify or fix the output order before relying on readings for automation. Only add the cron entry if you intentionally want scheduled background sensor logging.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The script assigns the return values from read_dht11() as `h, t`, but the function actually returns `(temperature, humidity)`, causing the printed outputs to be reversed. This can mislead downstream automation or users into acting on incorrect environmental readings, which is a real integrity issue for monitoring or control workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal