S2-SP-OS Energy Radar

Security checks across malware telemetry and agentic risk

Overview

This local energy-dashboard skill shows no exfiltration or destructive code, but it can mislead users with simulated household data presented as real telemetry, and its examples nudge agents toward unsafe power-control automations.

Review before installing. Treat generated dashboards as demo data unless the author adds real telemetry provenance. Do not allow this skill, or any connected smart-home skill, to configure automatic power shutoff or HVAC changes without explicit per-device approval, safety exclusions, and a reversible confirmation flow.
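The approval, exclusion and reversible-confirmation flow described above, as an added example (not code from the Energy Radar skill or from SkillSpector): a small Python wrapper that an agent's tool layer would place in front of any power-control call. Device names, the SAFETY_EXCLUSIONS set and the provenance tag on telemetry are assumptions for illustration. The point is that staging an action touches nothing, only a single-use confirmation token applies it, simulated telemetry never qualifies, and every applied action is journaled so it can be reverted.

```python
"""Confirmation-gated power control for a smart-home agent.

Added example, not code from the Energy Radar skill or SkillSpector.
Device names, the SAFETY_EXCLUSIONS set and the telemetry provenance
tag are assumptions made for illustration.
"""
from dataclasses import dataclass
import secrets

# Devices that must never be cut automatically (assumed list; in practice
# the user maintains it and the agent never edits it).
SAFETY_EXCLUSIONS = {"medical_fridge", "sump_pump", "home_server"}


@dataclass
class Device:
    name: str
    powered: bool = True
    # Explicit per-device approval granted by the user for automation.
    auto_control_approved: bool = False


@dataclass
class Telemetry:
    device: str
    kwh_30d: float
    provenance: str  # "real" (from a meter) or "simulated" (demo data)


class PowerController:
    """Two-phase shutoff: request() stages, confirm() applies, rollback() reverts."""

    def __init__(self, devices):
        self.devices = {d.name: d for d in devices}
        self._pending = {}  # single-use token -> device name
        self._journal = []  # (device name, previous powered state)

    def request_shutoff(self, telemetry):
        """Validate and stage a shutoff. Returns a confirmation token; changes nothing."""
        if telemetry.provenance != "real":
            raise PermissionError("refusing to act on non-real telemetry")
        dev = self.devices.get(telemetry.device)
        if dev is None:
            raise KeyError(f"unknown device {telemetry.device!r}")
        if dev.name in SAFETY_EXCLUSIONS:
            raise PermissionError(f"{dev.name} is safety-excluded")
        if not dev.auto_control_approved:
            raise PermissionError(f"no per-device approval for {dev.name}")
        token = secrets.token_hex(8)
        self._pending[token] = dev.name
        return token

    def confirm(self, token):
        """Apply a staged shutoff. The token is consumed on use."""
        name = self._pending.pop(token, None)
        if name is None:
            raise PermissionError("unknown or already-used confirmation token")
        dev = self.devices[name]
        self._journal.append((name, dev.powered))
        dev.powered = False
        return name

    def rollback(self):
        """Undo the most recent applied action; returns the device name."""
        if not self._journal:
            raise LookupError("nothing to roll back")
        name, previous = self._journal.pop()
        self.devices[name].powered = previous
        return name


if __name__ == "__main__":
    ctl = PowerController([Device("ac_unit", auto_control_approved=True)])
    tok = ctl.request_shutoff(Telemetry("ac_unit", 210.0, "real"))
    print("staged, still powered:", ctl.devices["ac_unit"].powered)
    print("applied to:", ctl.confirm(tok), "powered:", ctl.devices["ac_unit"].powered)
    print("rolled back:", ctl.rollback(), "powered:", ctl.devices["ac_unit"].powered)
```

The staging step is where the skill's own checks belong; the confirmation token is what the user (not the model) supplies, so a prompt that talks the agent into "automatic cutoff" still cannot complete the action on its own.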

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Intent-Code Divergence

Medium (96% confidence)
Finding: The documentation says the skill does not execute power-offs, yet the sample workflow immediately pivots to suggesting automated cutoff strategies. This creates contradictory behavioral guidance that can prime an agent to treat passive telemetry as authorization for impactful device-control workflows, increasing the chance of unsafe or unauthorized automation.

Context-Inappropriate Capability

Medium (93% confidence)
Finding: The example encourages cross-domain home automation actions that go beyond energy mapping and dashboard generation. This kind of scope expansion is dangerous because it can cause an agent to chain into unrelated control capabilities using weak justification from observational data alone, potentially affecting appliances or household systems without adequate validation.

Description-Behavior Mismatch

Medium (93% confidence)
Finding: The implementation advertises inventory-based, local energy analytics but actually generates charts from hard-coded devices and simulated 30-day usage. This can mislead users or downstream agents into treating fabricated operational data as real household telemetry, leading to incorrect decisions and false trust in the skill's outputs.

Intent-Code Divergence

Medium (90% confidence)
Finding: The docstring claims dynamic energy and device profiling for agent presentation, but the charts are entirely derived from placeholder data. In an agent skill context, deceptive or inaccurate provenance is security-relevant because other components may surface or act on these results as if they reflect the user's environment.

Missing User Warnings

Medium (91% confidence)
Finding: The examples describe automatic power cutoffs for appliances without prominent safety warnings, confirmation requirements, or discussion of operational risks. Automated shutoff of devices such as AC units, heaters, microwaves, or computers can create safety, reliability, and data-loss issues if executed under incorrect assumptions or faulty occupancy detection.

Vague Triggers

Medium (90% confidence)
Finding: The instruction to generate dashboards whenever the user asks for an energy report is overly broad and can cause the agent to invoke code execution for loosely related requests. Because the skill is allowed to use exec and is instructed to expose local file URIs directly, a broad trigger increases the chance of unnecessary command execution and unintended disclosure of local paths or generated artifacts.
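How a skill author could tighten both halves of this finding, as an added example (not the Energy Radar skill's own code): a trigger predicate that fires only on an explicit report request and refuses anything that also reads as device control, plus an artifact store that confines generated files to one output directory and returns an opaque handle instead of a local file URI. The trigger phrases, the output directory and the handle format are assumptions.

```python
"""Narrow trigger and opaque artifact handles for a dashboard skill.

Added example, not the Energy Radar skill's own code. The trigger
phrases, the output directory and the handle format are assumptions.
"""
import os
import re
import secrets

# Fire only on an explicit energy-report request (assumed phrasing).
_TRIGGER = re.compile(r"\b(energy|power)\s+(usage\s+)?(report|dashboard)\b", re.I)
# Anything that reads as device control is out of scope for this skill,
# even when the same request also asks for a report.
_CONTROL = re.compile(r"\b(shut\s*off|turn\s+off|cut\s+power|hvac|thermostat)\b", re.I)


def should_trigger(request: str) -> bool:
    """True only for an in-scope report request with no control language."""
    return bool(_TRIGGER.search(request)) and not _CONTROL.search(request)


class ArtifactStore:
    """Hands out opaque handles instead of local file URIs.

    Generated files must live under one output directory; the handle is
    the only thing returned to the model or the user, so neither sees a
    local path.
    """

    def __init__(self, output_dir: str):
        self.root = os.path.realpath(output_dir)
        self._handles: dict[str, str] = {}

    def publish(self, path: str) -> str:
        real = os.path.realpath(path)  # collapse ".." and symlinks before checking
        # commonpath, not startswith: "/out2/x" must not pass for root "/out".
        if os.path.commonpath([self.root, real]) != self.root:
            raise PermissionError("artifact is outside the output directory")
        handle = "artifact-" + secrets.token_urlsafe(8)
        self._handles[handle] = real
        return handle

    def resolve(self, handle: str) -> str:
        """Server-side only: map a handle back to its path when serving it."""
        return self._handles[handle]


if __name__ == "__main__":
    store = ArtifactStore("/tmp/energy_radar_out")  # assumed output directory
    for req in ("generate my monthly energy report",
                "energy report, then turn off the AC",
                "what's the weather"):
        print(f"{req!r}: trigger={should_trigger(req)}")
    h = store.publish("/tmp/energy_radar_out/dashboard.html")
    print("handle returned to the agent:", h)
```

The regexes are deliberately narrow; a skill that really needs broader matching should widen the trigger, not drop the control-language exclusion, since that exclusion is what keeps a report request from being chained into an actuation request.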

VirusTotal

0/65 vendors flagged this skill; all 65 engines reported it clean. A clean VirusTotal result covers file-level malware signatures only and says nothing about the instruction-level issues listed above.