Scada

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple local log manager advertised as a SCADA industrial-control manager, so users should review it carefully before relying on it.

Install only if you want a small local entry/log helper. Do not use it for real SCADA monitoring, device control, safety workflows, or operational assurance. Avoid storing secrets or sensitive operational details, and be aware that removal is immediate and exports write local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill is presented as a SCADA manager, but the implementation is only a local note/log utility. This mismatch is security-relevant because users may grant elevated trust, sensitive data, or operational access based on the claimed industrial-control purpose, while the code provides none of the expected safety, device-integration, or operational guarantees. In an agent ecosystem, deceptive capability claims can mislead operators into unsafe deployment decisions.

Intent-Code Divergence

High
Confidence: 96%
Finding
The inline documentation and help output reinforce the false claim that this tool performs SCADA management, when it only manipulates local files. Misleading documentation can cause administrators or automated systems to invoke the skill in sensitive industrial contexts under false assumptions, increasing the risk of misuse, misplaced trust, and unsafe operational dependence.

Missing User Warnings

Medium
Confidence: 85%
Finding
The documented `remove` command is destructive and provides no warning, confirmation behavior, or safety caveat. In an agent context, this increases the chance of accidental deletion of locally stored operational records, especially because the skill presents itself as SCADA-related and users may assume stronger safeguards around data handling.

Missing User Warnings

Medium
Confidence: 81%
Finding
The `export` command writes data to a file without documented safeguards around destination path, overwrite behavior, or sensitivity of exported contents. In practice this can lead to unintended file overwrites or leakage of locally stored data into insecure locations, particularly in automation flows where file outputs may be handled non-interactively.

VirusTotal

66/66 vendors flagged this skill as clean.
