Shelly BluTRV Manager

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its Shelly thermostat purpose, but it exposes broader real-device controls and misleading timed heating behavior that users should review before installing.

Install only if you intend to let an agent access your Shelly gateways and Shelly Cloud token. Require explicit confirmation before any write action, avoid relying on boost or override durations until fixed, and avoid raw cloud, relay, firmware-update, and calibration commands unless you deliberately want that broader device-control authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The override command claims that the temperature change will automatically revert after the supplied duration, but the code never schedules or enforces that reversion. This can leave heating overridden indefinitely, causing unexpected device behavior, wasted energy, or safety/operational issues in unattended environments.

Intent-Code Divergence

Low
Confidence: 88%
Finding
The boost command accepts a duration argument and documents configurable timing, but the request sent to the device ignores that value entirely. Users may assume boost is bounded when it is not, leading to unintended extended heating and loss of operator control expectations.

Missing User Warnings

Medium
Confidence: 94%
Finding
This document exposes internal device identifiers, local gateway IP addresses, and explicit cloud-API access patterns, including example commands that retrieve sensor data. Even though it is documentation rather than executable code, it materially lowers the barrier to unauthorized inventorying, monitoring, or abuse of privacy-sensitive home/office infrastructure if the skill contents are exposed to an agent or untrusted user.

VirusTotal

65/65 vendors flagged this skill as clean.
