ClawHub

RDA MSG Board

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends messages to an RDA LED board, with expected but important risks around plaintext local credentials and plain-HTTP transmission.

Install only if you want your agent to control this physical LED board. Use a unique board password, keep the board on a trusted network, prefer an HTTPS URL if the device supports it, avoid storing credentials in boards.yaml on shared or backed-up machines, and confirm the board and message before sending to a public or shared display.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares no explicit permissions while its documented behavior clearly uses environment variables, local file access for board profiles, and network communication to a physical device. This creates a transparency and trust problem: users and platform policy checks may underestimate the skill's capabilities, including handling stored credentials and sending data over the network.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared purpose says the skill sends scrolling messages, but the documentation also exposes profile management features that create, modify, and remove local configuration containing device IPs, usernames, and passwords. That mismatch is dangerous because users may invoke or install the skill expecting simple message sending, while it also performs credential storage and broader local state changes that materially increase risk.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script persists board credentials to a local YAML file in plaintext, creating a sensitive-data-at-rest risk if the host is compromised, shared, or backed up insecurely. This capability also exceeds the skill's stated message-sending purpose, increasing concern because it introduces credential management functionality not clearly justified by the manifest.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The add command collects and stores device credentials locally, which broadens the skill from simple notification sending into secret management. In this context, that is risky because users may not expect credential retention, and compromise of boards.yaml would expose device access that could be reused to control the physical message board.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger guidance includes very broad patterns such as 'Send [message]', which are likely to match ordinary conversation and cause unintended invocation. In this skill's context, accidental activation can transmit arbitrary user text to a physical LED board, potentially causing embarrassing, disruptive, or misleading public messages.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill description does not clearly warn users that messages and possibly credentials are sent over HTTP/JSON to a physical device, which may expose sensitive content on the local network and on a visible public display. Because the board is a physical LED matrix, unintended disclosure is more harmful than a purely internal action: both network observers and nearby people may see the transmitted information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Passwords are written directly to boards.yaml without encryption, masking, or permission hardening, so any local user or process with file access can recover them. Because this skill manages access to a physical LED board, exposed credentials could enable unauthorized message posting or device administration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal