ClawHub

onewo-rtlinux

Security checks across malware telemetry and agentic risk

Overview

This Linux real-time coding skill is mostly purpose-aligned, but it routinely presents privileged system-tuning commands that can disrupt the user's machine without enough scoping or recovery guidance.

Use this skill only for Linux real-time development on a dedicated or disposable test machine when possible. Review generated C code before running it as root, and do not run `sudo init 3` or all-core CPU governor changes unless you understand the session, thermal, power, and rollback implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill directs users to run `sudo init 3`, which is a host-level administrative action that immediately terminates the graphical session and can disrupt active work. That action is not necessary for a code-generation/review assistant and expands the skill from advisory coding help into unsafe system reconfiguration guidance.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill recommends changing the CPU frequency governor for all cores via a privileged loop, which performs broad system-wide configuration unrelated to the minimum necessary scope of reviewing or generating RT C code. This can affect power, thermals, battery life, and host stability, especially on shared or non-dedicated systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The only warning for `sudo init 3` is an inline code comment, which is easy to miss and insufficient for a command that immediately kills the graphical session. Presenting such a disruptive command in a routine checklist increases the chance that users will execute it without understanding the consequences.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill provides a privileged loop that changes CPU governor policy across the machine without an adequate warning about system-wide impact. Users may interpret it as a standard prerequisite and apply it on production or personal systems, causing unintended operational and thermal side effects.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal