zsquadbot

Security checks across malware telemetry and agentic risk

Overview

This quadruped-robot skill mostly matches its stated purpose, but it can enable and command real motors without adequate safety gating and includes a hardcoded dynamic code execution test script.

Review before installing or running on real hardware. Use the simulation scripts first, avoid simple_test.py unless the hardcoded exec path is removed or replaced with a normal import, and only run motor_control.py with the robot physically secured, power and emergency stop ready, and conservative command limits added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

exec() call detected

High
Category
Dangerous Code Execution
Content
import time

# Directly read and execute sim_state.py
exec(open('/Users/liuxing/.openclaw/workspace/skills/quadruped/scripts/sim_state.py').read())

sim = QuadrupedSimulator()
sim.dt = 0.01
Confidence
99% confidence
Finding
exec(open('/Users/liuxing/.openclaw/workspace/skills/quadruped/scripts/sim_state.py').read())

Direct flow: open (file read) → exec (code execution)

High
Category
Data Flow
Content
import time

# Directly read and execute sim_state.py
exec(open('/Users/liuxing/.openclaw/workspace/skills/quadruped/scripts/sim_state.py').read())

sim = QuadrupedSimulator()
sim.dt = 0.01
Confidence
99% confidence
Finding
exec(open('/Users/liuxing/.openclaw/workspace/skills/quadruped/scripts/sim_state.py').read())

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The file presents itself as a simple pose demo, but it silently executes an external Python file before doing any simulation work. That mismatch increases risk because reviewers or users may underestimate the trust boundary and run the script without realizing it performs dynamic code execution.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script connects to all motors and immediately enables them, which can cause real-world physical actuation without any explicit operator confirmation, warning, or safety interlock. In a robotics control context this increases the risk of unintended motion, injury, or hardware damage if the program is run on a live platform or against the wrong device.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The interactive shell accepts position, velocity, and force commands and sends them directly to motors without a safety warning, bounds checking, or confirmation before issuing live writes. Because this skill is explicitly for quadruped robot control, unsafe commands can immediately translate into hazardous motion, making the context more dangerous rather than less.

VirusTotal

66/66 vendors flagged this skill as clean.
