Uds Diagnostic Test

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real UDS diagnostic testing skill, but it needs review because it can change ECU state and host CAN settings without strong safety gates.

Install only for authorized bench or lab use, not on a live vehicle or shared workstation without review. Read the generated test script before running it, avoid the passwordless sudoers rule unless you accept the host-level risk, do not use pipeline mode casually, and load SeedKey DLLs only from trusted sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
_append_cli_arg(cmd, key, val)

    print(f"[INFO] 执行测试: {' '.join(cmd)}")
    result = subprocess.run(cmd, capture_output=True, text=True, encoding="utf-8")
    print(result.stdout)
    if result.stderr:
        print(result.stderr)
Confidence
92% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True, encoding="utf-8")

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The document states SocketCAN is the only approved backend and explicitly forbids PCAN usage, but the pipeline path invokes a PCAN-named runner. In a hardware-testing skill, this inconsistency is dangerous because users may bypass the safer/manual confirmation workflow and execute an alternate code path with different transport assumptions, unsupported drivers, or different security controls.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The generator produces executable scripts that do far more than passive diagnostics: they reset ECUs, clear DTCs, attempt security unlocking, invoke memory/file-transfer services, alter communication state, and send other state-changing UDS requests. In an automotive context, this can disrupt vehicle functions, erase forensic data, or alter ECU state on real hardware, especially because the generated script is positioned as a general testing utility.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The generated client includes $23/$34/$35/$36/$37/$38 memory access and transfer primitives, which materially expand capability from survey-based test generation into firmware extraction/modification workflows. These services can expose sensitive memory, support unauthorized reprogramming paths, or destabilize ECUs if invoked against live systems.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The generated script reconfigures SocketCAN with sudo, forcibly brings interfaces down/up, and kills processes using fuser. That creates host-level impact beyond ECU testing, allowing denial of service against other local applications and unsafe reconfiguration of shared interfaces without strong user confirmation or scoping.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code loads and executes an arbitrary external SeedKey DLL via ctypes, then uses it to compute keys for UDS SecurityAccess unlocking. This is dangerous both because it executes untrusted native code in the host process and because it facilitates bypass of ECU access controls when pointed at real devices.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The comment claims the script will not send LinkControl transition requests because they may interrupt communication, but the code still sends a $87 0x03 request. This mismatch is dangerous because operators may trust the comment and run code that can alter link behavior or disrupt the diagnostic session unexpectedly.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises execution of UDS services such as ECUReset, ClearDiagnosticInformation, WriteDataByIdentifier, IOControl, RoutineControl, and SecurityAccess against a live ECU, but it does not prominently warn that these actions can reset modules, clear diagnostic evidence, change configuration, or actuate hardware. In a skill whose purpose is to generate and run tests on real CAN-connected devices, omission of an explicit safety warning materially increases the chance of accidental disruptive use on production vehicles or safety-relevant benches.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script can forcibly terminate processes associated with the CAN interface via `fuser -k`, which is a destructive action that can disrupt unrelated workloads or active diagnostic sessions. In this skill context, the script is intended to reconfigure live CAN devices, so abruptly killing holders of the interface can cause denial of service, loss of test state, or unsafe interruption of connected automotive workflows.

Missing User Warnings

High
Confidence
98% confidence
Finding
The generated script performs destructive and privileged actions by default, including ECU reset, DTC clearing, communication control changes, security access attempts, and host interface reconfiguration, without an explicit confirmation step at execution time. In this skill context, users may expect a test generator, not an aggressive actor capable of changing both ECU and host state immediately.

VirusTotal

66/66 vendors flagged this skill as clean.
