S2 Spatial Adapters

Security checks across malware telemetry and agentic risk

Overview

This smart-home control skill appears purpose-aligned, but it gives an agent broad physical-control authority without clear safety gates for sensitive actions like unlocking doors.

Install only if you are prepared to constrain it yourself: use explicit device allowlists, keep locks/alarms/high-risk devices out of scope unless every action requires human confirmation, review any device mappings before use, and avoid giving it autonomous authority over security or safety-critical systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 90%

Finding:
The welcome message claims the agent is already connected to the full home LAN and Tuya cloud, which overstates its documented capabilities and can mislead users into assuming it has broader live access and authority than the defined tool interface supports. In a physical-control skill, this trust inflation is dangerous because users may disclose sensitive environment details or rely on unsafe assumptions about what systems the agent can directly reach and control.

Vague Triggers

Severity: Medium
Confidence: 91%

Finding:
The README explicitly promotes autonomous AI control of physical smart-home systems and instructs users to provide direct device mappings so an agent can translate natural language into real-world actuation. Even if framed as a feature, this creates an overly broad invocation scope for safety-critical functions such as HVAC, locks, alarms, and feeders, increasing the chance of unsafe or unauthorized actions from prompt injection, agent error, or misuse.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding:
The skill explicitly supports real-world physical actuation across home automation platforms and includes a door unlock example, but it does not present a clear user-facing warning, confirmation requirement, or safety gating for irreversible or security-sensitive actions. In this context, omission of strong safety messaging and approval boundaries increases the risk that an agent or operator could trigger unsafe device actions such as unlocking doors or changing climate/power states without appropriate human verification.

Vague Triggers

Severity: Medium
Confidence: 86%

Finding:
The skill is described as translating broad natural-language intents and implicit needs into physical-world actuation, without clear trigger boundaries, confirmation rules, or safety gating. In a home automation context that includes locks, HVAC, lighting, and pet feeding, ambiguous or casual conversation can be misinterpreted as authorization to perform real physical actions.

Vague Triggers

Severity: Medium
Confidence: 91%

Finding:
The welcome message invites users to describe feelings or general expectations for the space, which encourages ambiguous, open-ended input while the system prompt is designed to infer implicit needs and convert them into actuator commands. That combination materially raises the risk of unintended device control from ordinary conversation, including security, climate, lighting, or feeder actions.

VirusTotal

66/66 vendors flagged this skill as clean.