Universal Robots Robot Control Skill - URSim Simulation + URScript + RTDE

Security checks across malware telemetry and agentic risk

Overview

This robot-control skill is mostly transparent about its purpose, but it includes runnable scripts that can immediately move a robot, apply force, or change I/O without consistent safety gates.

Install only if you understand UR robot safety and will use it first in URSim. Before running any test or demo, verify the target IP is a simulator or isolated test controller, keep the workcell clear, have emergency stop available, and review scripts that write outputs, apply force mode, or move joints. Avoid the Docker relocation and firewall-disabling instructions unless you have backups and know how to roll back the system changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (29)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    print(f"[FAIL] Cannot import ur_rtde: {e}")
    print("\nTrying to install...")
    import subprocess
    subprocess.check_call([sys.executable, "-m", "pip", "install", "ur_rtde"])
Confidence
90% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "ur_rtde"])

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The documentation explicitly states the skill was only validated in URSim, yet it also includes concrete migration steps, real-robot IP configuration, and a real-hardware test path. In a robotics control skill, this creates a meaningful safety risk because users may treat the included real-robot instructions as sufficiently vetted and execute motion or force-control commands on physical equipment without validated safeguards.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The script is explicitly capable of connecting to a robot controller over the network and issuing real motion and I/O commands, despite the documentation stating it was only tested in simulation. In a robotics context, this mismatch is safety-relevant: an operator may rely on the warning as sufficient mitigation, but the code still performs live actuation with hard-coded target coordinates and no runtime safety interlocks, workspace validation, or controller-state checks.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The markdown report derives each individual test's displayed status from the aggregate number of passed tests instead of the actual result for that specific test. This can falsely mark safety-critical robot tests as passed, causing operators or downstream reviewers to trust motion, IO, or force-mode validation that never actually succeeded.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document instructs users to stop Docker, copy and move Docker state, and replace the original path with a symbolic link, all with forceful commands and without prominent backup, rollback, or corruption warnings. This creates a real safety issue because a user can lose Docker state, break Docker Desktop startup, or leave the environment in an inconsistent state if migration is interrupted or the layout differs from the author's assumptions.

Missing User Warnings

High
Confidence
98% confidence
Finding
The quick-start PowerShell script is directly runnable and performs impactful system changes: it force-kills Docker Desktop, stops services, moves Docker data, creates a symlink, and overwrites daemon.json. Because it is presented as a convenience script without strong warnings, validation, backup checks, or confirmation prompts, it materially increases the risk of service disruption, configuration clobbering, and irreversible local data loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide explicitly instructs users to disable the Windows Defender firewall for testing, but does not clearly warn about the security consequences or limit the scope/duration of that action. Disabling the firewall can unnecessarily expose the host to network attacks, especially because the same guide also enables network-accessible simulator services on multiple ports.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The release report includes quick-start commands and examples for installing dependencies, running tests, and executing robot movement examples, but it does not prominently warn that these actions can cause physical robot motion or I/O changes on real hardware. In a robotics skill, omitting explicit safety guidance increases the risk that a user runs examples in a live environment without validating workspace safety, potentially causing unintended movement, collisions, or actuator/output activation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The motion-control examples provide direct robot movement primitives for pick-and-place operations without nearby safety warnings, precondition checks, or simulator-only guidance. In a robotics training guide, readers may copy these examples onto real hardware, creating collision, pinch, or payload-handling hazards if workspace, speed limits, tooling, and emergency-stop procedures are not established first.

Missing User Warnings

High
Confidence
96% confidence
Finding
The force-control example commands a downward force on the Z axis but does not warn about contact hazards, force limits, fixture stability, or the need for supervised commissioning. Force mode on physical robots can damage workpieces, end effectors, or injure operators if applied to the wrong frame, with incorrect bounds, or in an uncontrolled environment.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This summary documents robot motion control, IO control, force mode, and packaging/publishing steps, but it does not include any explicit safety warning about real-world actuator movement, hardware state changes, or the consequences of running examples/tests against a live robot. In a robotics skill, omission of such warnings can lead operators to run commands in unsafe conditions, potentially causing unintended motion, equipment damage, or safety incidents.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The document provides direct robot motion, force-control, and digital-output commands, including examples that would cause physical movement or energize outputs, but it does not include any safety prerequisites, simulation-only guidance, workspace clearance requirements, or emergency-stop warnings. In a robotics context, omission of these safeguards can lead users to run examples on real hardware and cause collision, pinching, tooling damage, or unsafe force application.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide directs users to execute motion and IO-control tests, including joint movement, Cartesian movement, and digital output control, but does not include an explicit safety warning, preconditions, or operator safeguards. In a robotics context, even simulator-oriented procedures can be reused against real hardware, and absent warnings about clearance, emergency stop readiness, reduced speed, and tool/load state can lead to unintended actuation and equipment or personnel risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The manual Docker reconfiguration steps can cause service interruption and potentially data loss if users move Docker's data directory incorrectly, overwrite an existing destination, or create a broken symlink. In this skill context, the instructions are operational rather than overtly malicious, but they encourage privileged system changes without prominently warning about backups, existing containers/images, rollback steps, or administrator requirements.

Missing User Warnings

High
Confidence
96% confidence
Finding
The script connects to a physical UR robot and immediately issues motion commands via sendPose() in sequence without any operator confirmation, interlock check, or explicit safety precondition. In a robotics context, unaudited automatic motion is dangerous because it can cause unexpected arm movement, collisions, or injury if the workspace is occupied or the robot is not in a known-safe state.

Missing User Warnings

High
Confidence
96% confidence
Finding
This script initiates physical robot motion immediately when run, without any operator confirmation, safety interlock, simulation mode, workspace validation, or emergency-stop check. In the context of industrial robot control, even hardcoded movements are dangerous because accidental execution can cause collisions, equipment damage, or bodily injury if the robot is not in the expected state or environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This example sends URScript commands over the network to toggle robot digital outputs and tool outputs, but it provides no explicit safety warning, access control, or operational guardrails. Even though the commands are hardcoded, activating I/O can energize connected actuators, relays, indicators, or tools and may trigger unintended physical behavior in attached equipment.

Missing User Warnings

High
Confidence
99% confidence
Finding
In real mode, the script executes robot motion, digital output toggling, and force-control operations immediately with no operator confirmation, interlock, or safety preflight. In a robotics context, this can cause unexpected physical movement or actuator changes that may damage equipment or injure nearby people if the environment is not prepared.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This script sends URScript motion commands directly to a robot controller over a TCP socket, causing physical movement without any explicit operator safety warning, interlocks, or confirmation step in the transmission path. In a robotics context, undocumented or casually-invoked motion is inherently safety-relevant because a user may run the script in the wrong environment or without clearing the workcell, increasing risk of collision or injury.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script issues force-mode activation and subsequent robot motion commands immediately after connecting, with no operator confirmation, interlock check, workspace validation, or emergency-stop/safeguard verification. In a real UR robot context, enabling downward force control and moving through poses without a human-in-the-loop can cause unintended contact, collisions, or crushing hazards if the robot is in a live cell or the environment is not as expected.

Missing User Warnings

High
Confidence
95% confidence
Finding
This script actively toggles digital outputs DO0-DO7 in sequence immediately after connecting, with no operator confirmation, simulation-only guard, or verification that the outputs are disconnected from real actuators. On a real UR controller, those outputs may be wired to grippers, relays, valves, or external machinery, so executing the test can unexpectedly actuate equipment and create safety or process hazards.

Missing User Warnings

High
Confidence
94% confidence
Finding
The code drives analog output AO0 through multiple voltage levels without checking whether the connected device can safely accept those signals or requiring human acknowledgment. Analog outputs often control speed references, setpoints, or process equipment, so changing them can cause unintended motion, process upset, or equipment damage if run against live hardware.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script directly issues robot joint motion commands for all six axes immediately after connecting, without any operator confirmation, safety interlock check, workspace clearance validation, or emergency-stop gating. In a physical robotics context, unexpected motion can cause collisions, equipment damage, or human injury, so the lack of a deliberate pre-move authorization step is a real safety/security issue.

Missing User Warnings

High
Confidence
96% confidence
Finding
This script sends URScript motion commands directly to a UR robot/URSim over the network and immediately executes multiple joint and Cartesian moves without any operator acknowledgment, interlock check, workspace validation, or explicit physical safety warning. In robotics contexts, unaudited remote motion can cause collisions, pinch hazards, equipment damage, or unsafe movement if the endpoint is connected to a real robot rather than only a simulator, so the lack of pre-execution safety controls is a real safety/security weakness.

Missing User Warnings

High
Confidence
96% confidence
Finding
This script issues real robot motion commands and toggles a digital output immediately after connecting, with no operator confirmation, no safety interlocks, no simulation-only enforcement, and no emergency-stop or workspace validation logic. In a robotics context, automatic motion and IO changes can create physical safety hazards, equipment collisions, or unintended actuation if the target is a real controller rather than an isolated simulator.

VirusTotal

65/65 vendors flagged this skill as clean.
