Solo CLI Guide

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate human-guided Solo CLI tutor, but it needs review because it guides real robot motion without consistent safety checkpoints.

Install only if you are comfortable manually running robotics setup commands. Before teleop, replay, or inference, clear the workspace, keep people away from the arm, confirm calibration and the correct follower/episode/model, and know how to stop or power down the robot immediately. Review remote installer and source-install commands before running them, avoid sharing tokens in chat, and inspect datasets or models before pushing them to HuggingFace or enabling W&B.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Vague Triggers

Severity: Medium
Confidence: 83%
Finding:
The replay action causes real physical motion on a robot arm, but the entry does not specify clear trigger constraints, operator confirmation, workspace safety checks, or preconditions beyond calibration. In an interactive agent setting, this ambiguity can allow the command to be suggested or invoked too broadly, increasing the chance of unintended robot motion, collision, or harm to nearby equipment or users.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The dataset-recording flow includes an option to push recordings to HuggingFace Hub, but it does not explicitly warn the user that this transmits potentially sensitive robot data, videos, and metadata to a remote service and may publish it beyond the local machine. Users may enable upload without understanding the privacy, confidentiality, or licensing implications of the recorded data.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The --yes / -y option auto-applies saved replay settings for a command that drives physical robot motion, yet the skill does not provide a safety warning or require renewed operator confirmation. Automatically reusing prior settings can cause replay on the wrong arm, in an unsafe environment, or under changed physical conditions, leading to unintended movement and possible collision.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The device commands expose real-world hardware actions such as motor ID assignment, calibration, and diagnostics, and the descriptions are broad enough that an agent could invoke them from loosely related user requests like 'fix my arm' or 'set up the robot.' Because these actions affect physical robot state and may require safe conditions or operator supervision, unintended invocation could lead to misconfiguration, interrupted operation, or unsafe movement during calibration workflows.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The manifest instructs users to execute remote installer scripts directly from the network via shell and PowerShell pipe-to-execution patterns. This is dangerous because any compromise of the upstream host, TLS interception, DNS hijack, or malicious script update would lead to immediate arbitrary code execution on the user's machine.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
This is a real safety weakness: the skill instructs a user to start live teleoperation of a physical robot arm, but the description, explanation, and notes omit an explicit warning about pinch/crush hazards, collision risk, workspace clearance, and emergency stop readiness. In a teleoperation context, unexpected or mirrored motion can directly injure a nearby person or damage equipment, especially because the validation step expects physical movement and the command supports auto-applying saved settings.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The inference entry describes autonomous robot operation but does not clearly state activation boundaries, required human confirmation, or safety preconditions before motion begins. In a robotics context, ambiguity around when autonomous execution starts can lead to unintended arm movement, creating physical safety risk and reducing operator control.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding:
This skill text normalizes running a trained policy in closed loop on a physical follower arm and validates success by observing autonomous movement, yet it lacks opt-in, safety gating, or stop-condition language. Because this is a robotics training/inference skill operating real hardware, omission of explicit safety controls materially increases the chance of unsafe motion, collisions, or harm to nearby people/equipment.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The teleoperation step initiates real-time robot motion but does not explicitly warn the user to keep people, hands, hair, and other body parts clear of the workspace before motion begins. In a robot-arm setup tutorial, this omission materially increases the risk of pinch, collision, or entanglement injuries, especially for first-time users who may treat the step as routine software validation.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The tutorial explicitly instructs the user to delete a partial dataset and re-record, but it does not provide a clear warning that this action may permanently destroy previously collected data. In a data-collection workflow, users may misidentify a dataset as incomplete or delete valuable recordings without understanding the consequences, causing irreversible data loss.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The skill directs the user to run inference where the follower arm will begin acting autonomously, but it omits basic physical safety precautions such as clearing the workspace, maintaining an emergency stop path, and keeping body parts away from moving hardware. Because this is real-world robot actuation, the lack of a safety warning increases the risk of injury, collision, or equipment damage if the policy behaves unexpectedly.

VirusTotal

VirusTotal findings are pending for this skill version.