SenseRobot 元萝卜 AI Chess Robot

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed robot-control tool, but it also gives an agent unsafeguarded control of physical movement, plus camera and microphone controls, that users should review carefully.

Install only if you own or administer the SenseRobot device and can supervise it in person. Treat arm movement and board cleanup as physical actions requiring confirmation, keep the arm area clear, and use photo or recording commands only with explicit consent from nearby people. Avoid using the image upload command with sensitive local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (13)

Description-Behavior Mismatch (Medium, 91% confidence)
The skill documentation exposes capabilities beyond the stated gameplay-control purpose, including photo capture, audio recording, and arbitrary image display. Even if intended for diagnostics or UX, these functions are sensitive and can be repurposed to collect data or present deceptive content without users expecting them from a board-game robot skill.

Context-Inappropriate Capability (Medium, 94% confidence)
Audio recording is not obviously necessary for placing stones or moving the robotic arm, yet the skill includes start/stop recording endpoints without any documented consent, duration limits, or handling safeguards. In context, that makes the feature unusually sensitive because it enables covert capture of nearby conversations in a physical environment.

Context-Inappropriate Capability (Low, 82% confidence)
Photo capture is also outside the core expectations of a chess-placement skill and is insufficiently justified in the documentation. Although cameras may support board detection, exposing a generic photo endpoint without privacy guidance or scope restrictions increases the chance of collecting unnecessary images of users or surroundings.

Context-Inappropriate Capability (Medium, 92% confidence)
The API reference exposes capabilities for photo capture, microphone recording, and arbitrary image display that go beyond the skill's stated purpose of controlling a chess robot for gameplay and board management. In an agent setting, undocumented or weakly justified peripheral-control features increase the risk of covert surveillance, social engineering, or misuse of the robot as a general sensing/output device.

Description-Behavior Mismatch (Medium, 95% confidence)
The skill description says it controls robot chess, arm motion, expressions, and speech, but the code also supports photo capture, audio recording, and image display. This capability mismatch is security-relevant because users and reviewers may authorize the skill for robot control without realizing it can collect sensor data or render arbitrary local content.

Context-Inappropriate Capability (Medium, 92% confidence)
The `show_image` feature accepts an arbitrary local file path and uploads that file to the robot, and this behavior is not clearly justified by the stated skill purpose. If an attacker can influence the path, the skill can exfiltrate local files from the host environment to the robot service, which is especially concerning because the capability is under-disclosed.

Vague Triggers (Medium, 79% confidence)
Broad trigger phrases like “下棋机器人” (chess robot) and “机械臂控制” (robotic arm control) can cause accidental invocation during ordinary conversation. In this skill, mis-triggering is more serious than a harmless chat action because the endpoints can move a physical robot arm, clear a board, record audio, or take photos.

Missing User Warnings (High, 97% confidence)
The skill documents camera and recording functions but provides no user-facing privacy warning, consent flow, or notice about what is captured and how it is handled. Because these are direct sensing capabilities in a real-world environment, omission of privacy disclosure materially raises the risk of unauthorized surveillance and user surprise.

Missing User Warnings (Medium, 89% confidence)
The board-cleaning operation physically alters the user's environment and can destroy the current game state, yet the documentation does not emphasize that consequence or require confirmation. In context, unintended execution could cause loss of work, confusion, or even minor physical interference while users are interacting with the board.

Missing User Warnings (Medium, 95% confidence)
The documented photo API allows capture from multiple cameras, including a front-facing camera, but provides no consent flow, user notification, or usage restrictions. In this skill context, camera access is more dangerous because the skill is presented as a board-game robot controller, so users may not reasonably expect person-facing image capture unrelated to chess operations.

Missing User Warnings (High, 97% confidence)
The recording API supports starting and stopping microphone capture and returning raw audio data, yet the documentation includes no warning, consent requirement, or data-sensitivity guidance. This creates a clear privacy and surveillance risk, particularly because microphone access is not necessary for the core stated purpose of moving pieces and managing a chessboard.

Missing User Warnings (Medium, 91% confidence)
The cheat sheet documents a destructive physical action endpoint for clearing the board without any warning, confirmation requirement, or mention of operational safety constraints. In a robot-control skill, undocumented destructive actions increase the chance of accidental or unauthorized activation that can disrupt gameplay, damage pieces, or cause unsafe robot movement around users.

Missing User Warnings (Medium, 96% confidence)
The documentation exposes photo and audio capture APIs without any consent, retention, or privacy notice. Because these endpoints control real sensors on a robot, omission of privacy safeguards can facilitate covert collection of images or recordings in a physical environment, especially if the service is reachable on the network.

VirusTotal

63/63 vendors flagged this skill as clean.