Pi Admin

Security checks across malware telemetry and agentic risk

Overview

This is a real Raspberry Pi admin skill, but it can reboot the host, change system configuration, and restart services with inconsistent confirmation safeguards.

Install only on the intended Raspberry Pi and use the information commands or --dry-run first. Do not let an autonomous agent run maintenance commands unless you accept possible reboots, package changes, service disabling, Docker cleanup, gateway interruption, and persistent system setting changes. Review the hardcoded paths, ports, and IPs before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The manifest and high-level description omit an optimization feature that disables services and changes persistent kernel memory settings. That under-disclosure is dangerous because users may invoke what seems like a monitoring/admin skill without realizing it can alter host configuration and reduce network/service availability.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script unconditionally kills processes matching a broad pattern and escalates to SIGKILL without confirmation. This can terminate unintended processes if the match is overly broad or manipulated, causing denial of service and potentially disrupting unrelated workloads on the host.

Missing User Warnings

Medium
Confidence: 91%
Finding
This dispatcher exposes destructive maintenance actions like update, clean, reboot, and restart-gateway directly from a single entrypoint without any confirmation, interlock, or clear warning at the point of invocation. In an agent or automation context, this increases the chance of accidental service disruption, reboot, package changes, or network loss from a mistaken or injected command, even though the behavior appears intended for administration rather than malicious abuse.

VirusTotal

66/66 vendors flagged this skill as clean.
