v0.1.3

FBoxMCP

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:34 AM.

Analysis

This skill appears purpose-aligned, but it should be reviewed carefully because it can use a long-lived FBox credential to control industrial devices.

GuidanceInstall only if you trust the FBox/Flexem source and need AI-assisted industrial device operations. Use HTTPS, protect and rotate FBOXMCP_API_KEY, prefer least-privilege credentials, and manually verify every device write or alarm action before approving it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

references/monitoring.md

write_user_box_dmon_value

向监控点写入新值。**直接影响现场设备运行状态。** ... `Confirmed` 必须为 true

The skill exposes a tool that can write PLC monitoring-point values on live industrial equipment. The documented confirmation requirement is a good control, but the action itself is operationally high-impact.

User impactA mistaken or over-permissive approval could change real equipment behavior, not just read data.

RecommendationUse this only with accounts authorized for device operations; verify the device, point, current value, and target value before approving any write, and prefer read-only or narrowly scoped credentials when possible.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

metadata

Source: unknown
Homepage: none

The registry-level provenance is incomplete even though the documentation points to FBox/Flexem resources. This is not evidence of malicious behavior, but it matters for a skill that can affect industrial devices.

User impactUsers may have less assurance from registry metadata alone that they are installing the intended official skill.

RecommendationConfirm the package, GitHub repository, domain, and publisher with the FBox/Flexem administrator before installing.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

references/user-guide.md

API Key（推荐） | `Bearer sk-xxxxxx` | AI 客户端、第三方集成。长期有效，免维护

The skill uses a long-lived bearer credential for the FBox account. Combined with the documented device-management and write tools, this is a high-impact delegated authority that should be scoped and protected carefully.

User impactAnyone or any agent with this token may be able to access the user’s FBox device data and perform permitted device operations.

RecommendationStore the API key securely, do not share it, rotate it regularly, and use least-privilege or read-only credentials if the FBox platform supports them.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusNote

INSTALL.md

claude mcp add --transport http fboxmcp https://fboxmcp.fbox360.com --header "Authorization: Bearer ${FBOXMCP_API_KEY}"

The agent is configured to communicate with a remote MCP endpoint using a bearer token. This is expected for the integration and uses HTTPS in the documented command, but operational device data and actions pass through that remote service.

User impactDevice lists, sensor readings, alarms, location or SIM information, and requested actions may be processed through the configured FBox MCP service.

RecommendationVerify the endpoint is the intended FBox/Flexem service, keep HTTPS enabled, and avoid sending the credential to untrusted or non-production hosts.