NWO Robotics

Security checks across malware telemetry and agentic risk

Overview

This skill is openly intended for robot and IoT control, but it can send broad real-world action commands through an API key without clear limits or confirmation steps.

Review before installing. Use this only with authorized NWO Robotics accounts, preferably test or scoped credentials, and only where separate safety controls require human approval before movement, patrol, emergency stop, manipulation, or general task execution. Keep NWO_API_URL pointed at a trusted endpoint and assume robot commands and identifiers will leave the local environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Intent-Code Divergence
Severity: Medium | Confidence: 94%
Finding:
The README makes mutually inconsistent security claims: it says input is sanitized and only allowlisted commands are processed, yet also advertises 'Any natural language instruction.' That contradiction can cause operators to over-trust the skill’s safety model and deploy it in environments where open-ended command interpretation could trigger unintended robot or IoT actions.

Intent-Code Divergence
Severity: Medium | Confidence: 82%
Finding:
The module advertises 'secure robot control,' but the implementation routes unmatched input to a broad task-execution endpoint, creating a mismatch between the stated purpose and actual capabilities. In a robotics context, overbroad command handling increases the chance that ambiguous or malicious prompts trigger unintended real-world actions through the external API.

Context-Inappropriate Capability
Severity: High | Confidence: 95%
Finding:
The skill sends arbitrary user input to a 'plan_and_execute' API action, which effectively grants open-ended remote actuation beyond the narrow robot-control commands described elsewhere. In a physical robotics environment, this can enable unsafe, unauthorized, or destructive behavior if a user submits harmful instructions or if the upstream planner interprets ambiguous text dangerously.

Vague Triggers
Severity: High | Confidence: 90%
Finding:
Advertising 'Any natural language instruction' implies essentially unrestricted task activation, which is especially dangerous in a robotics skill because ambiguous or adversarial phrasing may be interpreted as operational commands. In a real-world control context, broad triggers increase the chance of unsafe motion, unintended actuator control, or misuse beyond the documented command set.

Missing User Warnings
Severity: High | Confidence: 92%
Finding:
The README presents robot-control actions such as movement and emergency stop as simple examples without any warning about physical safety, authorization, or environmental preconditions. In a robotics setting, omission of these cautions can normalize direct execution of commands that may affect people, equipment, or ongoing operations.

Missing User Warnings
Severity: High | Confidence: 95%
Finding:
The supported command list includes high-impact operations like stopping all robots, moving robots, patrol mode, pickup, and path-following, but provides no safety warning, approval workflow, or mention of real-world consequences. Because this skill targets physical systems, that omission materially increases the risk of accidental or unauthorized actions causing operational disruption or physical harm.

Missing User Warnings
Severity: Medium | Confidence: 95%
Finding:
This skill explicitly enables control of physical robots, IoT devices, vision, voice, and task orchestration, but the description provides no meaningful warning about real-world safety risks, authorization requirements, environmental hazards, or the consequences of issuing dangerous commands. In this context, missing safety guidance is more serious than in a purely informational skill because ambiguous or unsafe natural-language actions could cause physical harm, property damage, privacy violations, or unsafe robot behavior if users invoke it in live environments.

Vague Triggers
Severity: Medium | Confidence: 89%
Finding:
The example trigger phrases include very broad commands like "Stop everything now" that can plausibly collide with ordinary speech or unrelated user input. In a robot-control skill, ambiguous activation phrases increase the chance of unintended invocation of safety-critical actions, especially if examples are later used as training data, prompt templates, or matching rules.

Missing User Warnings
Severity: High | Confidence: 95%
Finding:
The examples present safety-critical robot control operations, including emergency stop and movement commands, without any warning, operator confirmation, authorization boundary, or mention of physical-world hazards. This normalizes direct execution of commands that could halt equipment or move robots in occupied spaces, creating risk of accidental disruption, damage, or injury if implemented as shown.

Missing User Warnings
Severity: High | Confidence: 91%
Finding:
Sensitive robot-control actions such as emergency stop, movement, patrol changes, and general task execution are triggered directly from natural-language matching without confirmation, role checks, or operator intent verification. For systems controlling physical devices, accidental phrasing, prompt injection through upstream agents, or unauthorized use could immediately affect live equipment and safety-critical operations.

Missing User Warnings
Severity: Medium | Confidence: 78%
Finding:
The skill forwards user instructions and identifiers to external APIs, but there is no user-facing disclosure or consent flow indicating that prompts and account metadata will leave the local environment. This is primarily a privacy and governance issue, and becomes more significant because robot commands, sensor queries, and user IDs may reveal sensitive operational details about physical infrastructure.

Vague Triggers
Severity: Medium | Confidence: 85%
Finding:
The manifest advertises broad natural-language control over robots and IoT devices without stating clear boundaries, approval requirements, or constrained intents. In a physical-control context, ambiguous activation scope increases the chance of unintended or over-privileged actions being triggered from vague user prompts or prompt-injection-style misuse routed through the agent.

Missing User Warnings
Severity: High | Confidence: 94%
Finding:
This skill enables physical-world actions including robot movement and emergency stop, but the manifest provides no safety warnings, operational constraints, or human-in-the-loop safeguards. In robotics and IoT contexts, missing warnings and controls can lead to unsafe activation, operational disruption, equipment damage, or injury if users or downstream agents issue commands without understanding the consequences.

VirusTotal

64/64 vendors flagged this skill as clean.