Accessibility Toolkit 1.0.0

Security checks across malware telemetry and agentic risk

Overview

The skill is accessibility-focused and not deceptive, but it gives under-scoped guidance for smart-home actions that can affect physical security.

Install only if you will adapt the templates manually. Keep confirmations or strict allowlists for locks, doors, alarms, medical routines, and other high-impact actions, replace example access codes with placeholders or secret storage, and avoid letting an agent mine conversation history without explicit consent and privacy limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The example voice triggers are short, natural phrases like "Help" and "Movie time," which are prone to accidental activation from ordinary conversation, media playback, or other household speech. In this skill's context, the risk is elevated because the guidance explicitly favors low-friction execution and says not to require confirmation for reversible actions, increasing the chance that unintended commands will be acted on immediately.

Missing User Warnings

High
Confidence: 98%
Finding
The arrival automation unlocks the front door automatically when presence detection says the person has entered the home zone, but the skill does not warn about geofencing inaccuracies, spoofed presence signals, shared-device risks, or the safety implications of autonomous unlocking. In an accessibility-focused skill, convenience pressure makes this more dangerous because users may deploy it as-is for a high-impact physical security control.

Ssd 3

Medium
Confidence: 99%
Finding
The documentation includes a literal backup door code in plain text, which normalizes storing and exposing sensitive credentials directly in user-facing messages or repository content. If copied into a real deployment, this can leak an access secret through logs, screenshots, version control, or agent responses, enabling unauthorized entry.

VirusTotal

66/66 vendors flagged this skill as clean.
